Industrial Security

DOD Cannot Ensure Its Oversight of Contractors under Foreign Influence Is Sufficient Gao ID: GAO-05-681 July 15, 2005

The Department of Defense (DOD) is responsible for ensuring that U.S. contractors safeguard classified information in their possession. DOD delegates this responsibility to its Defense Security Service (DSS), which oversees more than 11,000 contractor facilities that are cleared to access classified information. Some U.S. contractors have foreign connections that may require measures to be put into place to reduce the risk of foreign interests gaining unauthorized access to classified information. In response to a Senate report accompanying the National Defense Authorization Act for Fiscal Year 2004, GAO assessed the extent to which DSS has assurance that its approach provides sufficient oversight of contractors under foreign ownership, control, or influence (FOCI).

DSS's oversight of contractors under FOCI depends on contractors self-- reporting foreign business transactions such as foreign acquisitions. As part of its oversight responsibilities, DSS verifies the extent of the foreign relationship, works with the contractor to establish protective measures to insulate foreign interests, and monitors contractor compliance with these measures. In summary, GAO found that DSS cannot ensure that its approach to overseeing contractors under FOCI is sufficient to reduce the risk of foreign interests gaining unauthorized access to U.S. classified information. First, DSS does not systematically ask for, collect, or analyze information on foreign business transactions in a manner that helps it properly oversee contractors entrusted with U.S. classified information. In addition, DSS does not collect and track the extent to which classified information is left in the hands of a contractor under FOCI before measures are taken to reduce the risk of unauthorized foreign access. During our review, we found instances in which contractors did not report foreign business transactions to DSS for several months. We also found a contractor under foreign ownership that appeared to operate for at least 6 months with access to U.S. classified information before a protective measure was implemented to mitigate foreign ownership. Second, DSS does not centrally collect and analyze information to assess its effectiveness and determine what corrective actions are needed to improve oversight of contractors under FOCI. For example, DSS does not know the universe of all contractors operating under protective measures, the degree to which contractors are complying overall with measures, or how its oversight could be strengthened by using information such as counterintelligence data to bolster its measures. Third, DSS field staff face a number of challenges that significantly limit their ability to sufficiently oversee contractors under FOCI. Field staff told us they lack research tools and training to fully understand the significance of corporate structures, legal ownership, and complex financial relationships when foreign entities are involved. Staff turnover and inconsistencies over how guidance is to be implemented also detract from field staff's ability to effectively carry out FOCI responsibilities.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.