`
Technology Security &Foreign Disclosure
Export Control
Defense Exportability
2
Introduction
DefenseExportability
Sales & Transfers
Technology Security &
Foreign Disclosure
InternationalCooperative Programs
International Acquisition & Exportability (IA&E)• Introduction
• Technology Security & Foreign Disclosure
• Export Control• Defense Exportability• “Exportability” in IA&E
Planning and Implementation• Key Takeaways
Topics
3
Int’l Acquisition TransactionsStatus Quo -- Macro View
USStrategy & Policy
Foreign Strategy & Policy
Capabilities & Tech
Willing to Transfer
Desired Capabilities
& Tech
Inquiry, Partnership
Discussion or Request for Purchase
?
FMS
DCS
ICP
Other
TSFD Export Control
Int’lAcquisition
Transactions
Defense Acquisition System
4
TSFD Basics
Fundamental Security Considerations
Release Conditions
Type of Authorizations
TSFD Foreign VisitsDisclosureAuthorizations
• Not transfer or use for other purposes without U.S. consent• Provide substantially the same degree of protection as U.S.
Access Protection+
5
USG/DoDTSFD
“Theory”
6
TSFDKey Players & Processes
International Interaction
DoDComponent
Level
CoCOMCountry
Team Level
• ProposedPolicy Changes
• ComponentPolicy
• Implementationguidance &decisions
Military Departments
SAF/IA DASA(DE&C) & G-2 NIPO
• MAJCOMs• PEOs/PMs• Implementation• Technical
Details
AFSAC. AFMC AETC, etc.
USASAC AMC, etc.
NETSAFASYSCOMs, etc.
Labs, Warfare Centers, and Many Others
USG/OSD/Joint Staff
Level
• USG-widePolicy
• DoD-widePolicy
• Top LevelTSFD approvals
USD (Policy)USD (AT&L)USD (Intelligence)ASD(NII)
DoD Agencies: DSCA, DTSA, MDA, DTRA, DISA, etc.
USG/Interagency
Nat’l Sec CouncilIntel CommunityState DeptCommerce DeptHomeland Sec Dept
7
Categories of Information
Classified Military Information (CMI)
Information originated by or for the DoD or its agencies or is under its jurisdiction or control; and that requires protection in the interests of national security
Controlled Unclassified
Information (CUI)
Unclassified information that requires safeguarding or dissemination controls, pursuant to and consistent with applicable law, regulations and Government-wide policies
Foreign Government
Information (FGI)
Information provided to the USG by a foreign government (s) or international organization or produced jointly with expectation that information, the source, or both are to be held in confidence
DoDM 5200.01 Vol 1-4; DoD Information Security Program
8
USG/DoD TSFD ProcessesMILDEP Processes
DoD Lead: Various
MILDEP-specific various
MILDEP Process
Other DoD Processes
DoD Lead: Various
Org.-specific various
Few documented processes
Interagency process
LO/CLO AT&L Primary
AT AT&L Primary
SAP SAPCO Specialized
DSC AT&L + Policy Specialized
Intel USD(I) Specialized
Data Links/WF DoD CIO Specialized
PNT/GPS DoD CIO Specialized
COMSEC NSA & DoD CIO Primary
GEOINT NGA Specialized
MTCR Policy Specialized
NDP Policy Primary
EW None No single process
NVD/INS DTSA Specialized
9
DoDD 5111.21, “ATTR SSG and TSFDO” (New October 2014)
OSD TSFD Initiative
• Arms Transfer and Technology Release (ATTR) Senior Steering Group (SSG) created in 2008 and formally established in 2012:– Overarching DoD authority to ensure clear senior-level
direction; USD(P) & USD(AT&L) co-chairs – Serves as appeals board and mediation body
• TSFD Office (TSFDO) supports ATTR SSG efforts:– ATTR SSG Executive Secretariat and assesses/recommends
changes to policies– Develops/implements procedures and checklists,
coordinates documentation and policy, conducts outreach
10
OSD Oversight
Secretary of Defense––––––––––––––––––––––––Deputy Secretary of Defense
Secretary of Defense––––––––––––––––––––––––Deputy Secretary of Defense
Under Secretary(Acquisition, Technology
and Logistics)
Under Secretary(Acquisition, Technology
and Logistics)
Under Secretary(Policy)
Under Secretary(Policy)
Director, International Cooperation
(AT&L IC)
Director, International Cooperation
(AT&L IC)
Defense Technology Security Administration
(DTSA)
Defense Technology Security Administration
(DTSA)
Arms Transfer & Technology ReleaseSenior Steering Group (ATTR SSG)
Technology Security and Foreign Disclosure Office (TSFDO)
11
TSFD Basics
Fundamental Security Considerations
Release Conditions
Type of Authorizations
TSFD Foreign VisitsDisclosureAuthorizations
• Not transfer or use for other purposes without U.S. consent• Provide substantially the same degree of protection as U.S.
Access Protection+
12
National Disclosure Policy Overview
• Provides a framework and mechanism for implementing the security requirements of:– Arms Export Control Act (AECA)– Executive Order 13526– NSDM 119
• DoDD 5230.11, “Disclosure of Classified Military Information to Foreign Governments and International Organizations”
13
NDP-1
• Interagency document that implements NSDM 119 within the Executive Branch
• Issued by the Secretary of Defense with concurrence of other Departments and Agencies
• Sets forth specific criteria and conditions that must be satisfied before a decision is made to disclose CMI
• Delegates to the Executive Branch authority to release CMI to eligible governments & international organizations
• Disclosure authority delegated to Heads of Departments and Agencies with jurisdiction over the information
• Disclosure decided on a case-by-case basis and approval of the originator required
14
Disclosure Authorizations
Officials with disclosure authority must consider:• Originator of information • NDP disclosure criteria and conditions
− Supports U.S. foreign policy, military & security objectives− Does not jeopardize U.S. military security− Foreign recipient has the intent and capability to provide the equivalent
degree of protection− Results in clearly defined benefits to the U.S.− Information limited to satisfy authorized purpose
• Delegated Disclosure Authority Levels (from NDP-1 charts)• NDPC Policy Statements
− Countries / Technologies / Weapon Systems
… Avoid making false impressions!
15
Other Key TSFD Policy Sources
• NSDD 189*– Established principle that USG/DoD fundamental research should
remain unrestricted to the maximum extent possible – If national security requires control, information should be classified
• DoDI 5230.24 and DoDD 5230.25**– Establishes DoD policy for marking and managing technical documents,
including DoD program and technical information, and provides for CUI controls (if appropriate) over their distribution, release, and dissemination
– Helps implement DoDD 5230.25 by providing DoD acquisition community document originators with guidance on what must be controlled as CUI
*NSDD 189, National Policy on the Transfer of Scientific, Technical and Engineering Information, 21 Sep 1985**DoDI 5230.24, Distribution Statements on Technical Documents, 23 Aug 2012 and DoDD 5230.25, Withholding of Unclassified Technical Data from Public Disclosure, 6 Nov 1984
Protection of CUI
• Addressed in DoDM 5200.01, Volume 4, “DoD Information Security Program: Controlled Unclassified Information (CUI)”
• Application of FOUO Markings to CUI
• Access to CUI (within the DoD and disseminated outside the DoD)
• Physical protection of CUI
17
TSFD Basics
Fundamental Security Considerations
Release Conditions
Type of Authorizations
TSFD Foreign VisitsDisclosureAuthorizations
• Not transfer or use for other purposes without U.S. consent• Provide substantially the same degree of protection as U.S.
Access Protection+
18
Foreign Visit Authorizations
• Verifies clearance, need to know, and sponsor• Purposes of Visit Requests:
– Facilitate administration (scheduling/venue)– Vehicle for disclosure/export authorization decisions– Vehicle for security assurance
• Types of Visits:– One-time – single visit, <30 days, specific purpose– Recurring – intermittent visits usually up to 1 year– Extended – single visit for 2-3 years / program
• Types of Assignments:– Foreign Liaison Officer (FLO)– Defense Personnel Exchange Program (DPEP)– Cooperative Program Personnel (CPP)
… Avoid makingfalse impressions!
19
USG/DoDTSFD
“Practice”
20
International ProgramsSecurity Planning
• Effective planning for foreign participation in an international program starts early-on
• Failure to plan for security requirements and accomplish them in a timely fashion can adversely affect cost, schedule, and performance
• In order to achieve effective security planning– Identify information/technology requiring protection– Identify & specify what can be shared & with whom– Document how it is to be protected, to include what cannot be
shared
21
Obtaining TSFD Approvals
• Who has foreign disclosure authority over the CMI and/or CUI to be released?
• Should the TSFDO and ATTR SSG be informed or involved?• Has Classified Military Information (CMI) disclosure
authority been delegated? (NDP Charts, Policy Statements, etc.)
• Is an Exception to National Disclosure Policy (ENDP) required for CMI release?
− Supported by the DoD Component− Approved through the ENDP process
• Are other USG/DoD processes or releases required? (if so, TSFDO consultation is recommended)
22
MILDEP Int’l Program Organizations (IPOs)
SECDEFDEPSECDEF
SECDEFDEPSECDEF
Secretary of the Army Secretary of the Army Secretary of the Air ForceSecretary of the Air ForceSecretary of the NavySecretary of the Navy
Assistant Secretary forAcquisition, Logistics and
Technology
Assistant Secretary forAcquisition, Logistics and
Technology
Deputy Under Secretary forInternational Affairs
Deputy Under Secretary forInternational Affairs
Assistant Secretary forResearch, Development,
and Acquisition
Assistant Secretary forResearch, Development,
and Acquisition
Deputy Assistant Secretaryfor Defense Exports and
Cooperation
Deputy Assistant Secretaryfor Defense Exports and
Cooperation
Director, Navy InternationalPrograms Office
Director, Navy InternationalPrograms Office
There are Similarities and DifferencesAmong Them!
23
Foreign Disclosure Officer (FDO)
• Military or civilian personnel authorized by the DoD Component DDA to make foreign disclosure decisions
• Based on delegated authority, FDOs make program-level disclosure decisions on release of CMI and CUI
• FDOs must ensure:− Proposed disclosure is in support of a lawful and authorized USG
purpose− Parent Component is the originator of the information− Proposed release decision is within their delegated authority − Other DoD Components having joint or shared interest have been
consulted − Decision is consistent with false impressions policy
Make the FDO part of the program team!
24
Delegation of Disclosure Authority Letter (DDL)
• Issued by DoD Component Designated Disclosure Authority (DDA) in consultation with PM and TSFD stakeholders
• Documents classification levels, categories, scope, and limitations on information that DoD personnel can disclose to foreign entities on a program
• Delegates disclosure authority to lower level organizations within the Component
• Should be prepared as soon as foreign participation is planned in a program
• U.S.-only document not to be shared or discussed with foreign personnel
25
Defense Security Service
• Defense Security Service (DSS) Mission– Administer the National Industrial Security Program– Support national security and the warfighter– Oversee the protection of U.S. and foreign classified
information in the hands of industry
• DSS Operational Directorates– Industrial Security Field Operations (Field Agents)– Programs and Policy – Foreign Ownership, Control or
Influence (FOCI); National Interest Determination (NID); and International Division
– Education and Training (Courses and webinars)– Counterintelligence (Awareness and Elicitation issues)
26
Export Control Basics
Fundamental Considerations
Key Principles
Type of Authorizations
State
• Control U.S.-origin sensitive technology & equipment• Promote regional stability• Human rights• Prevent proliferation to problem end-users and international terrorists• Comply with international arms control and technology transfer
commitments
ForeignPolicy
Countryof Origin Destination
TechnologySensitivity Recipient
Commerce Other
27
Export Control Legislation
Arms Export Control Act• Authority to promulgate regulations governing commercial exports
of defense articles and services was delegated to the Secretary of State
• Implemented by the International Traffic in Arms Regulations (ITAR)• Legal basis for the United States Munitions List (USML) – defense
articles and services
Export Administration Act• Authority to implement given to the Department of Commerce• Implemented by the Export Administration Regulations (EAR)• Legal basis for the Commerce Control List (CCL) – dual-use items,
“600 Series” items transferred from USML and “Country Chart”
28
USG Export Control System
• Federal Regulations: ITAR – Defense Articles and Services
EAR – “Dual Use” Articles and Services
• Key Organizations :– State Department -- Directorate of Defense Trade
Controls (DDTC)– Commerce Department – Bureau of Industry and
Security (BIS)– DoD – Defense Technology Security Administration
(DTSA)
29
Export Examples
• Shipment to Foreign Destinations (Including Canada)
• Shipment to Foreign Entities in U.S. (e.g., Embassies)
• Foreign Travel
• Hand-carry
• Technical Services
• Electronic Transmission
• Symposia Presentations
• Published Articles
• Computer Networks (Internet, Intranet, Web Sites) … Laptops
• Conversation
• Business Meetings
• International Mail
• Telephone Conversations
• Foreign Visitors: Facility Tours Meetings
• Foreign Employees
• Trade Shows (U.S. & Overseas)
30
ECR USML to CCL “Migration”
Four Reform Major Areas: (See http://export.gov/ecr )– Single export control enforcement coordination center (established)– Single USG IT system for export control (nearing completion)– Single export control list (USML to CCL migration)– Single licensing agency (requires legislation – very unlikely to occur)
• International Traffic in ArmsRegulations (ITAR)
• Military Items
State Department
US Munitions List (USML)Categories
• Export AdministrationRegulations (EAR)
• Commercial & Dual Use Items
Commerce Department
Commerce Control List (CCL)600 Series
Less Sensitive Items
31
Export License vs Disclosure Process
N2
OSD/StateNavy
Some Decisions Delegated to the Navy
Balance of Decisions Retained by OSD
Arms Transfer Policy Review Group (ATPRG) -- Precedent
Setting Issues
NDPC -- Transfer of ClassifiedInformation/Material
LO/CLO Tri-Service Committee and EXCOM
Committee on National Security Systems (CNSS) -- COMSEC
TTSARBPrecedent
SettingIssues
Decisions
Request for
Exceptionas
required
NIPO
DASN(IP)
Signals Intelligence Committee EW Parametric Data
D
E
C
I
S
I
O
N
Disclosure Authorities
Disclosure Policy Process
ASN(RD&A)
N6/N7
N/AUnified CMDs -- SATCOM
N2
1-2 years
INDUSTRY
DTSA
MIL SERVICES
STATE
Up to 120 days
Traditional Industry View
Not Well Understood by Industry
Disclosure Approval Precedes Export License Submission
Start
32
Export ControlPlanning for ICPs
• Technology Release Roadmap (TRR) − Prepared if a substantial amount of ICP activity is envisioned− Provides early planning for technology releases to foreign industry− Describes when the critical events regarding TSFD planning and
implementation should be addressed − Projection of when U.S. industry export approvals may be required
to support initial ICP efforts
• TRR sections− Timeline of key projected export approvals against the program
acquisition schedule− Definition of the technologies involved in each export approval− List of U.S. contractors (exporters) as well as foreign entities (end
users) for each export approval
33
International Acquisition & Exportability (IA&E)
DefenseExportability
Sales & Transfers
Technology Security & Foreign Disclosure
InternationalCooperative
Programs
34
Program Protection
“Program protection also supports international partnership building and cooperative opportunities objectives by enabling the export of capabilities without compromising underlying U.S. technology advantages.” Program managers will describe in their [Program Protection Plan] PPP the program’s critical program information and mission-critical functions and components … [including] planning for exportability and potential foreign involvement. Countermeasures should include anti-tamper, exportability features, security … and other mitigations …”
DoDI 5000.02 (Enclosure 3, paragraph 13) New
35
Systems Engineering
• Protect Critical Technology• Enhance the Exportability of Defense Systems• Facilitate International Cooperative Programs• Promote Allied and Friendly Nation
Interoperability
36
Critical Program Information
CPI is defined as the elements or components of an RD&A program that, if compromised, could:
– Cause significant degradation in mission effectiveness– Shorten expected combat-effective life of the system– Significantly alter program direction– Enable an adversary to overcome the technology
CPI includes:– Critical information, elements, or components– Classified or unclassified technology– “Crown jewels” requiring extraordinary protection
37
Program Protection Plan (PPP)
• Single source document• Comprehensive protection• Objective: Prevent exploitation of U.S.
technology or the development of countermeasures to U.S. defense systems
• When: As soon as CPI is identified, should be approved at Milestone A; must be updated at subsequent Milestones
• Responsibility: PM• Approval: MDA
38
DEF Dimensions
Differential Capability• Design, develop, and test
modifications to the DoD configuration that incorporate partner/customer nation unique capabilities and remove (and confirm the removal of) U.S.-only capabilities/CPI to create one or more exportable versions of the system
Anti-Tamper (AT)• System engineering activities
designed into the system architecture to protect CPI against:− Unwanted technology transfer− Countermeasure development − Capability/performance
degradation through unauthorized system intrusion/modification
• Deter, impede, detect, and respond to exploitation of CPI in DoD systems resulting from combat losses or export sales
39
Anti-Tamper (A-T)
• A-T and FMS– ATEA coord. on LOR responses for systems containing CPI– A-T mechanisms and costs must be included in the LOA– Compliance with A-T requirements certified to DSCA– ATEA must approve A-T Plan prior to LOA offer– Satisfactory V&V testing completed before export
• A-T Disclosure Guidelines– Fact of A-T implementation should be unclassified– Advising foreign partners that system contains A-T
measures is usually best course of action– Measures used to implement A-T will normally be classified
and should not be disclosed
40
Defense Exportability Features(DEF) Pilot Program
• FY11 NDAA directed SECDEF to “carry out a pilot program to develop and incorporate technology protection features in a designated system during the R&D phase of such system.”
• Program Scope/Status– Identify MDAPs for which there is significant anticipated export demand and whose
technical aspects are amenable to DEF– Pilot program to provide funding to evaluate exportability and facilitate planning for,
design, and incorporation of exportability features during RDT&E– AT&L selects candidate programs from MILDEP nominations
• FY12 NDAA change– Industry to share at least half the cost of developing and implementing program
protection features
• FY14 NDAA extended pilot program through October 2020• FY15 NDAA gives SECDEF flexibility to determine cost share
Defense Exportability is Part of BBP 2.0
41
Developing Exportable Configurations
• At the Development RFP Release Decision and Milestone B, the MDA should determine if one or more exportable configurations should be developed
− Informed by feasibility studies; requirements included in RFP− Funding sources must be identified
• Most Programs Employ a Combination of Funding Sources
• ICP funding (various alternatives)
• Industry (various alternatives)• FMS or DCS customer nation funding• DSCA Special Defense Acquisition Fund (SDAF)• Title 10 funding (specific authorization & appropriation)
OUSD(AT&L) International Cooperation
FY12 DEF Pilot Programs
42
Programs MILDEP Contractor Milestone
Joint Proximity/Height of Burst Fusing (HOBF)
Army Picatinny Arsenal Non-MDAP
Army Integrated Air and Missile Defense (AIAMD)
Army Northrop Grumman Post-B
Indirect Fires Protection Capability, Increment 2 – Intercept (IFPC2-I) Army AoA Pre-A
Common Infrared Counter Measures (CIRCM)
Army BAE SystemsNorthrop Grumman
Pre-B
MQ-4C Triton (formerly Broad Area Maritime Surveillance, BAMS)
Navy Northrop Grumman Post-B
Three Dimensional Expeditionary Long Range Radar (3DELRR)
Air Force RaytheonLockheed Martin
Northrop GrummanPre-B
OUSD(AT&L) International Cooperation
FY13-14 DEF Pilot Programs
43
Programs MILDEP Contractor Milestone
Next Generation Jammer (NGJ) Navy Source Selection Post-A
Air & Missile Defence Radar (AMDR)
Navy Source Selection Post-B
P-8A Poseidon Navy Boeing Post-C
E2D Advanced Hawkeye Navy Northrop Grumman
Post-FRP
Small Diameter Bomb II (SDB II) Air Force Raytheon Post-B
MQ-9 Reaper Air Force General Atomics Post-C
Joint Air-to-Surface Standoff Missile (JASSM)
Air Force Lockheed Martin Post-C
Joint Ground to Air Missile (FY14) Army Lockheed Martin (LM)
Pre-B
Armed Aerial Scout and Ground Combat Vehicle
Army N/A N/A
44
How Many Configurations?
Few• Simpler design and test• Simpler production and
logistics• Easier upgrades• More affordable
Many• Greater customer choice• Treats countries differently• Tailored logistics and
upgrades• More expensive
DoD and partner/customer nations must compromise to achieve optimal outcomes for all (easy to say, hard to do)
45
Defense Exportability Activities
IOCA CB
LRIPTechnology Maturation &
Risk Reduction.
Production & Deployment
DRFPRD
MaterielSolutionAnalysis
CDD-V
CDDICD Draft
CDD
Operations & SupportMateriel
DevelopmentDecision
FRP
Decision
Sustainment
DisposalFOC
Engineering & Manufacturing Development
CDRCPDPDR
Exportability Assessment
• Projected sales
• Technology complexity
Exportability Feasibility Studies
• Conducted with program contractor
• Included in TMRR contract
• Funded by program or DEF PE
• Industry provides 50%
Exportable Designs
• Funded by program, cooperative program or customer, or industry (or combination)
• May be multiple configurations
Exportable Version Production
• Funded by customer• May be multiple
configurations
Exportable Version Depot &
Spares • Funded by
customer
Activities Require MDA Approval
46
Int’l Acquisition TransactionsLooking Forward -- Macro View
USStrategy & Policy
Foreign Strategy & Policy
Capabilities & Tech
Willing to Transfer
Desired Capabilities
& Tech
Inquiry, Partnership
Discussion or Request for Purchase
?
FMS
DCS
ICP
Other
TSFD Export Control
Int’lAcquisition
Transactions
Defense
InitialTSFD& DEF
Add
EngageEarlier Acquisition System
47
The Dilemma
Will these new TSFD/DEF initiatives help?
Provide required capabilities
quickly to allies and friends
Protect the “crown jewels” of U.S. defense
technology
48
Reference Charts
49
USG/DoD TSFD Processes
• TSFD process approvals are normally required for DoD-related gov’t and industry international acquisition activities
• TSFD processes run independently under leadership of different USG/DoD Departments, Agencies & organizations
• PMs/IPT members should work with DoD Component Foreign Disclosure Offices (FDOs) to identify/initiate required actions
Consult/Coordinate with Local/DoD Component FDOs
Normally Requires Coordination with
Multiple Organizations
NDP
DoD Lead: OUSD
(P)
EO 12356
NDP- 1
DoDI5230.11
DoDI5200.39
Primary Process
LO/CLO
DoD Lead: AT&L
EO 12968
EO 13526
DoDI S-5230.28
Primary Process
SAP
DoD Lead: AT&L
EO 12968
EO 13526
DoDD 5205.07
DoDI S-5230.8
DoDI S-5230.28
Primary Process
COMSEC
DoD Lead: NSA &
NII
DoDD C-
5200.5
NSD 42
DoDI8523.01
CJSI 6510.06
A
Primary Process
DSC
DoD Lead: AT&L
DSD Memo 10/27/0
8
AT&L SP &
DUSD TSP& NDP
Memo 2/26/09
Specialized Process
MTCR
DoD Lead: DSCA/ Policy
MTCR
ITAR 121.16
DoD 5101.38
- M
Specialized process
Intel
DoD Lead: USD(I)
DODD 5240.01
DIA DPR-
00 - 217 -99
JP 2- 01
DoDI S-3200.17
DCID 6/7
DoDD C-
5230.23
ICD-113
Specialized process
Data Links
DoD Lead:
NII
DoDD4630.09
Specialized process
PNT/
GPS
DoD Lead:
NII
DODI 4650.06
NSPD #39
DoDD4650.05
Specialized process
MNIS CENTRIX
DoD Lead:
JS
DODI 8110.1
Specialized process
Geo- spatial
Products
DoD Lead: NGA
DoDD5105.60
DoDI5030.59
DCID 1/8
No documented
process
EW
DoD Lead: TBD
DoDD 3222.4
DoDI O-3600.02
No documented
process
MILDEP
Processes
§DoD Lead:
Various
§ MILDEP-specific various
Various documented
process
50
NDPC Membership
General Members
State
Defense
Army
Navy
Air Force
CJCS
Special Members
Director, National IntelligenceDirector, Central IntelligenceDepartment of EnergyDepartment of Defense:• OUSD(P)• OUSD(I)• OUSD(AT&L)• CIO• OATSD (NCB)• Defense Intelligence Agency• National Geospatial-
Intelligence Agency• National Security Agency• Missile Defense Agency
51
Country Charts Annex to NDP-1
Military Materiel and Munitions
Applied Research and Development Info and Materiel
Production Information
Combined Military Operations, Planning, and Readiness
U.S. Order of BattleNorth American DefenseMilitary Intelligence
Country A
Country B
Country C
1
2
3
4
5
67
8
S
S
C
C
C
TS S
Organization, Training, and Employment of Military Forces
52
Defense Visit Offices
Defense Intelligence Agency (DIA)Defense Foreign Liaison (PO-FL)
Department of the Air Force Foreign Disclosure and Technology Transfer Division
(SAF/IAPD)
Department of the Navy Navy International Programs Office (NIPO-10)
Department of the ArmyDeputy Chief of Staff for Intelligence
Directorate of International Relations (DAMI-IR)
CognizantForeign
DisclosureOffice
DoD/Commercial
VisitLocation
Approval/DenialNon-Sponsor
Approval/DenialNon-Sponsor RecommendationRecommendation
Visit Request Process –Foreign Visits System (FVS)
VisitRequest
VisitRequest
ForeignEmbassy
53
Foreign Personnel Assignments
• All visit requirements apply
• Additional requirements also apply
• Three basic types of assignments:– Foreign Liaison Officer (FLO) Program – national
representatives, usually for FMS or operations– Defense Personnel Exchange Program (DPEP) –
reciprocal personnel exchange to familiarize– Cooperative Program Personnel (CPP) Program –
assigned in support of a cooperative program
54
U.S. Visits Overseas
U.S. DoD Personnel …• Follow DoD Foreign Clearance Guide (FCG) • Submission normally 30 days in advance• Submission of appropriate clearances:
– Theater Clearance – U.S. military facility – Country Clearance – Host Govt. or contractor facility– Special Area Clearance – restricted visits
U.S. Contractor Personnel …• Per the FCG for DoD-sponsored visits• Per the ITAR and NISPOM• DISCO procedures apply
55
Program Security Instruction (PSI)
• Details the security arrangements for an ICP− Harmonizes security requirements of participants’
national laws and regulations− Implements security-related international
agreement provisions
• Format contained in Multinational IndustrialSecurity Working Group (MISWG) Document #5
• Forming a PSI working group and preparing the PSI in parallel with agreement negotiation/signature is recommended
• Security Classification Guide (SCG) may be attached to the PSI
CUI Markings
• Information that has been determined to qualify for CUI status shall be indicated by markings
• Marking information FOUO does not automatically qualify it for exemption from public release pursuant to the FOIA
• CUI disseminated outside the DoD shall also bear a marking that states that the information may be exempt from mandatory disclosure in accordance with the FOIA
Arms Export Control Act
• Encourages restraint but recognizes that nations have valid defense requirements
• Recognizes most nations need help in acquiring defense capabilities and the need for defense cooperation among U.S. friends and allies
• Authorizes arms exports under direction of the President; Secretary of State shall administer or control
• Recipients must adhere to U.S. terms regarding:– Transfer– Use – Protection
ITAR – “Parts & Pieces”
• Part 120 Definitions• Part 121 U.S. Munitions List (USML)• Part 122 Registration• Part 123 Defense Articles• Part 124 Agreements and Defense Services• Part 125 Technical Data and Classified Defense
Articles• Part 126 General Policies and Provisions• Part 127 Violations and Penalties• Part 128 Administrative Procedures• Part 129 Registration and Licensing of Brokers• Part 130 Political Contributions, Fees and
Commissions
ITAR Export Authorizations
• Numbered License (DSP-5, DSP-83, etc.)
• Agreement (MLA, TAA, DLA)
• Exemption (Self-executing or Triggered)
– Can be revoked, suspended, or amended by DDTC for a variety of reasons
– Identifies the export, the article/technical data, any intermediate consignee, the end-user, and the end use
– License is valid for 4 years; agreement normally 10 years; records must be maintained for 5 years
60
What is an Export? (120.17)
• Sending/taking defense articles out of U.S. in any manner
• Transferring registration, control, or ownership to a foreign person of any aircraft, vessel, or satellite covered by the USML in U.S. or abroad
• Disclosing (including orally and visually) or transferring any defense article or technical data:– To an embassy, agency or subdivision of a
foreign government in U.S.– To a foreign person in U.S. or abroad
• Performing a defense service on behalf of or for the benefit of a foreign person whether in U.S. or abroad
61
Defense Article (120.6)
• Any item (hardware, services, technical data) identified in Part 121 (the United States Munitions List (USML))
• The USML contains 21 categories of articles, services and related technical data that are designated as defense articles and thus subject to export controls
• Department of State (DoS) designates with Department of Defense (DoD) concurrence
62
Technical Data (120.10)
• Information which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles
• Can include:– Classified Information– Information covered by invention secrecy order– Software defined in Part 121.8
• Does not include:– General scientific, mathematical or engineering data taught
in schools, or otherwise in the public domain; or– Basic marketing information on function or purpose or
general system descriptions of defense articles
How?
Why?
USG Export Control Reform
• Launched by the President in August 2009– Major overhaul of U.S. export control process– System rooted in Cold War era
• Basic principles … “simple yet comprehensive,” and higher walls around fewer items
• Challenge is balancing foreign policy with technology security priorities
• State of the Union and QDR, early 2010• Secretary Gates’ speech (April 2010)
– “We need a system that dispenses with the 95% of ‘easy’ cases and concentrate our resources on the remaining 5%”
http://export.gov/ecr
64
Defense Service (120.9)
The furnishing of technical assistance, including training, to foreign persons,
whether in the United States or abroad, in the design, development, engineering,
manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing or
use of defense articles
65
Export Control Websites
• ECR General Information– http://export.gov/ecr – About ECR – Areas of Reform – For Exporters
• State Department (DDTC)– http://www.pmddtc.state.gov/ECR – Background – ECR Announcements – ECR
Implementation Status – Decision Tools – FAQs
• Commerce Department (BIS)– http://www.bis.doc.gov – Reform tab … ECR Teleconference – Decision
Tree Tools – ECR FAQs
66
System Security Engineering
• Integrating process for mitigating and managing risks to advanced technology and mission-critical system functionality
• Provides the functional discipline within SE to ensure that security requirements are included in the engineering analysis
• Should include an assessment of security criteria that sets limits for:– International Cooperative Programs– Foreign Military Sales– Direct Commercial Sales
• From this assessment; engineering, hardware, and software alternatives (i.e. export variants and anti-tamper provisions) should be identified that would permit such transactions
67
Program Protection Plan (PPP)-- DAG Chapter 13.2. --
• System development document focused on identification and
protection of CPI as well as mission critical functions and components
• Milestone A and B PPPs should include areas such as:− Program’s potential for ICP efforts (including S&T) and future foreign sales− Initial TSFD and defense exportability activities including:
Candidate CPI identification for domestic and export configurations Potential defense exportability system security design risk mitigation measures
(anti-tamper, differential capabilities) Summaries of threats/risks/cost using format contained in OUSD(AT&L) Memo of
July 18, 2011
• S&T Community may participate in system development-related:– IAC and ICP S&T activities that support system development objectives– Defense Exportability Features (DEF) feasibility study efforts
68
PPP Template
• Introduction• Program Protection
Summary• CPI and Critical
Components• Horizontal Protection• Threats, Vulnerabilities &
Countermeasures• Other System Security
Related Plans/Documents
• Program Protection Risks• Foreign Involvement• Processes for Mgmt and
Implementation of PPP• Processes for Monitoring
and Reporting Compromises
• Program Protection Costs• Appendices A – E
DAG Chap. 13 provides additional guidance on PPP development
Per USD(AT&L) Memo of July 18, 2011 …
69
EMD Exportable Design & Development
No Standard Approach
PMs Should Pursue All Available Alternatives
• Exportable configurations should be developed during EMD or LRIP if there is a firm commitment such as:
− One or more signed ICP international agreements− One or more signed FMS LOAs − A USG-approved export of proposed U.S. industry DCS
transactions − DSCA use of Special Defense Acquisition Funding (SDAF) in
anticipation of FMS cases (under consideration)− Title 10 funding specifically authorized/appropriated for
exportable D&D work
70
Handouts
71
USG/DoD TSFD ProcessesMILDEP Processes
DoD Lead: Various
MILDEP-specific various
MILDEP Process
Other DoD Processes
DoD Lead: Various
Org.-specific various
Few documented processes
Interagency process
LO/CLO AT&L Primary
AT AT&L Primary
SAP SAPCO Specialized
DSC AT&L + Policy Specialized
Intel USD(I) Specialized
Data Links/WF DoD CIO Specialized
PNT/GPS DoD CIO Specialized
COMSEC NSA & DoD CIO Primary
GEOINT NGA Specialized
MTCR Policy Specialized
NDP Policy Primary
EW None No single process
NVD/INS DTSA Specialized
72
TSFD “Macro-Process”
73
Developing Exportable Configurations
• At the Development RFP Release Decision and Milestone B, the MDA should determine if one or more exportable configurations should be developed
− Informed by feasibility studies; requirements included in RFP− Funding sources must be identified
• Most Programs Employ a Combination of Funding Sources
• ICP funding (various alternatives)
• Industry (various alternatives)• FMS or DCS customer nation funding• DSCA Special Defense Acquisition Fund (SDAF)• Title 10 funding (specific authorization & appropriation)