Published on Security Management (http://www.securitymanagement.com)
Report: DoD's Oversight of Contractor Security is Weak
By Joseph Straw
Created 04/23/2008 - 19:59



    

Congress's watchdog finds that the Defense Security Service has failed to catalogue agency contractors, doesn't track classified data violations, and is slow to inform contracting agencies when violations occur.

As Department of Defense (DoD) outsourcing grows and globalizes, the agency’s Defense Security Service (DSS) has failed to adequately monitor contractors for classified information violations, according [1] to an independent investigation.

Ann Calvaresi Barr, head of acquisition and sourcing management issues with the U.S. Government Accountability Office (GAO), delivered her findings before a recent hearing of the House Armed Services Committee.

Barr’s investigation focused on the National Industrial Security Program (NISP), a DSS program instituted in 1993 to police how contractors detect and respond to incidents of mishandled classified information.

First, GAO found that DSS does not systematically catalogue Pentagon contractors, including those under foreign ownership, control, or influence (FOCI).

Similarly, DSS does not catalogue and track reported violations, which Barr said is critical to targeting problem areas or contractors for added scrutiny.

GAO further found lax evaluation and reporting of violations by DSS. When DSS learns of a possible violation, it is required to determine whether a violation occurred, and if so, notify the affected agency.

GAO evaluated 93 reported violations, and in 75 cases found that DSS made no formal determination whether one had occurred. When DSS did, in most cases it took DSS more than 30 days to notify the contracting agency, in one case more than five months.

Barr cited a pattern of poor defense industrial base protection in recent years, from export controls to reviews of foreign acquisitions of U.S. defense contractors.

“Over the past several years GAO has looked at each of these and identified weaknesses in their implementation,” Barr said. “These weaknesses have been exacerbated by the increasingly global nature of the defense industrial base and the increased pace of technological innovation worldwide.”

GAO presented DoD specific recommendations for improved security not discussed in the open hearing, but Barr openly urged improved oversight of DSS and NISP.

Barr reported initial DoD resistance to GAO's recommendations:

"Although in its initial response to our reports, DoD did not agree with many of our recommendations or the need for corrective actions, we understand that DSS has subsequently begun to address some of the issues we raised," Barr said. "While we have not reviewed any of these actions and therefore can not address their potential effectiveness, we welcome DSS’s recognition that action is needed."

Witness Troy Sullivan, acting deputy under secretary of defense for counterintelligence and security, recalled [2] a similar reaction to a 2005 GAO report [3] on FOCI oversight.

"Although the Department non-concurred with almost all of the recommendations, the current DSS director recognized areas within the FOCI program that needed improvement, and therefore made the FOCI process a high priority in the agency’s transformation plan," Sullivan said.

Sullivan pledged continued efforts to strengthen oversight.

"We understand that globalization and the active efforts of our friends and adversaries to acquire restricted technologies have not abated. The challenges for DSS have increased accordingly," Sullivan said.

DoD, Sullivan said, is "committed to the transformation of DSS from the troubled agency of the recent past, to the more robust, fully-funded, and aggressive organization that it has become."

In recent cases [4], both foreign nationals and U.S. citizens working for defense contractors have been charged with conspiring to steal U.S. military secrets or sensitive information for China.

This week Tai Mak, 58, of Alhambra, California, was sentenced to 10 years in prison for conspiring to transport sensitive U.S. Navy data to his native China. Mak’s brother, Chi Mak, also a Chinese citizen, was an engineer employed by Navy contractor Paragon Power, Inc. in Anaheim, the Los Angeles Times reports [5].

Tai Mak was caught in 2005 trying to board a China-bound flight carrying a computer disk bearing encrypted data about Navy systems. Chi Mak is currently serving [6] a 24-year prison term.

 


Source URL: http://www.securitymanagement.com/news/report-dods-oversight-contractor-security-weak

Links:
[1] http://armedservices.house.gov/pdfs/FC041608/CalvaresiBarr_Testimony041608.pdf
[2] http://armedservices.house.gov/pdfs/FC041608/Sullivan_Watson_Testimony041608.pdf
[3] http://www.gao.gov/new.items/d05681.pdf
[4] http://www.securitymanagement.com/news/defense-analyst-and-three-chinese-nationals-arrested-spying
[5] http://www.latimes.com/news/local/la-me-spies22apr22,1,5995943.story
[6] http://www.securitymanagement.com/news/recent-prosecutions-reveal-chinas-network-spies