Key Issues > High Risk > Ensuring the Effective Protection of Technologies Critical to U.S. National Security
High Risk Medallion

Ensuring the Effective Protection of Technologies Critical to U.S. National Security

This information appears as published in the 2017 High Risk Report.

View the 2017 Report

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 

Technological superiority is critical to U.S. military strategy. Thus, the Department of Defense (DOD) spends billions of dollars each year to develop and acquire sophisticated technologies to provide an advantage for the warfighter during combat or other missions. Many of these technologies are also sold or transferred to foreign partners to promote U.S. economic, foreign policy, and national security interests. These technologies can also be acquired through foreign investment in the U.S. companies that develop or manufacture them. In addition, they are targets for unauthorized transfer, such as theft, espionage, reverse engineering, and illegal export.

To identify and protect technologies critical to U.S. interests, the U.S. government has a portfolio of programs. These include export controls—those developed to regulate exports and ensure that items and information are transferred in a manner consistent with U.S. interests—as well as a number of non-export control programs, including the Foreign Military Sales (FMS) program, anti-tamper measures, and the National Industrial Security Program, which oversees government contractors handling classified information, including that associated with critical technologies. These programs and activities are administered by multiple federal agencies with various interests, including DOD and the Departments of Commerce, Homeland Security, Justice, State, and the Treasury. We designated this area as high risk in 2007 because these programs, established decades ago, were ill-equipped to address the evolving challenges of balancing national security concerns and economic interests. While these agencies are making progress in addressing challenges identified by our work, we believe that additional leadership and coordination of programs and activities in the non-export control programs, among other things, is needed to identify strategic reforms that will help to advance U.S. interests.

Ensuring the Effective Protection of Technologies Critical to U.S. National Security

Since this area was added to the High-Risk List in 2007, our body of work in this area has identified progress in the programs designed to protect technologies critical to U.S. national security interests, but government-wide challenges remain, including the need to adopt a more consistent leadership approach, improve coordination among programs, address weaknesses in individual programs, and implement export control reform.

Hence, we continue to consider each of our high-risk criteria in this area to be partially met:

  • Leadership commitment to addressing challenges has been evident in some areas of the critical technologies portfolio, particularly with respect to the Export Control Reform initiative. However, as we reported in our 2015 update, greater collaboration among the critical technologies programs not directly related to export controls—including the FMS program, the anti-tamper program, and the National Industrial Security Program—could ensure that lead and stakeholder agencies take a more consistent approach to meeting program goals.
  • The capacity for addressing challenges and implementing reforms has improved for some programs. However, many efforts remain limited to individual programs or activities within the overall program portfolio, and there are areas where broader coordination could be beneficial, such as determining an appropriate technical reference to inform key decisions relating to critical technologies.
  • Action plans to guide improvements are in place for some programs; however, additional steps have yet to be taken to develop and implement action plans that will address ongoing challenges, such as administering the anti-tamper program.
  • Monitoring of efforts to meet key challenges also has improved at some programs. DOD and State have implemented some, but not all, of our past recommendations on developing performance measures and monitoring program outcomes.

Additional Details on What GAO Found are in the full report.

The need for action remains both at the individual program level and the portfolio level. We have made a number of recommendations to agencies aimed at improving coordination among the programs that are intended to protect technologies critical to U.S. national security. We believe that implementing these recommendations could result in significant improvements. Our body of work shows that challenges remain.

Leadership Commitment

To address existing challenges, we have previously reported that the executive branch and Congress should consider reevaluating the wider portfolio of programs protecting critical technologies, including assessing the prospects for achieving collaboration across separate but related programs designed to protect critical technologies. Executive branch leadership has been committed to reforming the area of export controls, an important step forward. But leadership commitment is less evident in the critical technologies programs that fall outside the scope of export control reform.

Capacity

Individual agencies need to continue to implement our recommendations to address weaknesses in their respective programs. Doing so could increase these programs’ capacity for implementing reforms. For example, the export control agencies should work to develop standard operating procedures for the Export Enforcement Coordination Center—a primary forum within the federal government to coordinate export enforcement efforts and identify and resolve conflicts—to facilitate data sharing.

Action Plan

Developing a concrete action plan for achieving collaboration across separate but related programs designed to protect critical technologies remains important. Executive branch leadership has developed a thorough action plan for export control reform. But formal and integrated planning is less evident in the critical technologies programs that fall outside the scope of export control reform.

Monitoring

Individual agencies need to continue to implement our recommendations to address weaknesses in their respective programs. Doing so could increase these programs’ ability to monitor progress. For example, DOD should take additional actions to enhance its ability to provide security assistance through, for example, its FMS program by establishing performance measures for all phases of the security assistance process.

Demonstrated Progress

Across the critical technologies portfolio, steps have been taken demonstrating progress, but more remains to be done. For example, efforts to develop procedures for coordination between the export enforcement community and the intelligence community remain incomplete. Similarly, we recommended in January 2013 that the Secretary of Defense should determine the best approach to meeting users’ needs for a technical reference, whether it be the U.S. Munitions List or the Industrial Base Technologies List, other alternatives being used, or some combination thereof, and ensure that resources are coordinated and efficiently devoted to sustain the approach chosen.[1] Since our recommendation, DOD officials said the department has moved toward using the U.S. Munitions List. However, DOD has not changed its policy requiring use of the Militarily Critical Technologies List (MCTL) as it has not yet received relief from that statutory requirement.

At the portfolio level, implementing export control reforms demonstrates leadership commitment, but the agencies involved in export controls must continue to implement reforms to achieve the goals set to protect U.S. interests. For non-export control reform, increased collaboration between DOD’s offices responsible for administering the FMS program and approving exports represents an important step forward in coordinating the activities of selected programs. However, leadership still must decide, among other things, how to address protection of critical technologies at a more strategic level. In particular, in February 2015 we recommended that, to ensure a consistent and more collaborative approach to protecting critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury as well as the Attorney General of the United States—who have lead and stakeholder responsibilities for the programs within the critical technologies portfolio—should take steps to promote and strengthen collaboration mechanisms among their respective programs while they implement and assess ongoing initiatives.[2] These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs’ intent, and any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

Congressional Actions Needed

Export control reform is being implemented in three phases. Phases I and II reconcile various definitions, regulations, and policies for export controls. As of August 2015, Phase I was finished. Phase II is nearing completion. This is all building toward Phase III, which will result in implementation of major changes supported by these reconciliations by consolidating export control efforts in four reform areas: creating a single, consolidated control list; designating a single licensing agency; designating a primary export enforcement coordination agency; and establishing a unified information technology system. We reported in February 2015 that significant collaboration by the participating agencies is essential to the Phase III consolidation efforts. In that same report, we noted that in order for full implementation of this third and final phase to occur, congressional action is needed to designate a single licensing agency and a primary export enforcement coordination agency. For example, since there are currently separate statutory bases for State and Commerce to review and issue export licenses, legislation will be required to consolidate the current system into a single licensing agency.


[1] GAO, Protecting Defense Technologies: DOD Assessment Needed to Determine Requirement for Critical Technologies List, GAO-13-157 (Washington, D.C.: Jan. 23, 2013).

[2] GAO, Critical Technologies: Agency Initiatives Address Some Weaknesses, but Additional Interagency Collaboration Is Needed, GAO-15-288 (Washington, D.C.: Feb. 10, 2015).

Looking for our recommendations? Click on any report to find each associated recommendation and its current implementation status.
  • portrait of Marie A. Mak
    • Marie A. Mak
    • Director, Acquisition and Sourcing Management
    • makm@gao.gov
    • (202) 512-4841