FOR OFFICIAL USE ONLY - U.S. Department of Defense

Report Number: DoDIG-2012-142 September 28, 2012

DEPUTY INSPECTOR GENERAL FOR INTELLIGENCE

AND SPECIAL PROGRAM ASSESSMENTS

Summary Report of FY 2011 Inspections on

Security, Intelligence, Counterintelligence, and

Technology Protection Practices at DoD Research,

Development, Test, and Evaluation Facilities

FOR OFFICIAL USE ONLY

Additional Information and Copies

For information and to request copies of this summary, contact the DoD Office of Inspector General at (703) 882-(b)(6) or DSN 381-(b)(6) .

Suggestions for Future Audits and Evaluations To suggest ideas for, or to request future audits or evaluations, contact the Office of the Deputy Inspector General for Intelligence and Special Program Assessments at (703) 882-(b)(6) (DSN 381-(b)(6) ) or UNCLASSIFIED fax (571) 372-7451. Ideas and requests can also be mailed to:

ODIG-ISPA (ATTN: ISPA Suggestions) Department of Defense Inspector General 4800 Mark Center Drive (Suite 10J25) Alexandria, VA 22350-1500

Acronyms and Abbreviations

ACAT AFOSI CPI DoD CIO DSS IG MDA NCIS OIG OPSEC PM RDA RDT&E USD(AT&L)

USD(I)

Acquisition Category Air Force Office of Special Investigations Critical Program Information DoD Chief Information Officer Defense Security Service Inspector General Missile Defense Agency Naval Criminal Investigative Service Office of Inspector General Operations Security Program Manager Research, Development, and Acquisition Research, Development, Test, and Evaluation Under Secretary of Defense for Acquisition, Technology,

and Logistics Under Secretary of Defense for Intelligence

FOR OFFICIAL USE ONLY

INSPECTOR GENERAL

DEPARTMENT OF DEFENSE

4800 MARK CENTER DRIVE

ALEXANDRIA, VIRGINIA 22350-1500

September 28. '.2012 MFMORA~'Dl M FOR: SEE DISTRIBUTION

SUBJECT: Summary Repo11 of FY 2011 inspections on Sl!curity. lnLelligence. Counterintelligence. and Technology Protectiou Practices at DoD Research. Development, Test, and Evalua1ion Facilities (Report No. DoOlG-2012-142)

We? arr: pro' iding this rcpon for your infonnation and use. W.:. issued a draft of this report on September ::!4. 2012. No written rcspo11Sc to this report was required aJ1d none was received. Therefore. we arc puhlishing this report in final form.

w~? appreciate the courtesies extended m the staff. Please direct questions to me at (703) 882-- (DSN 381. .}.

es R. Ives cting Dcptrt) lnspec1or General

for lntelJjgence and Special Program Assessments

DISTRIBUTION:

OFFICE OF THE SECRETARY OF DEFENSE Under Secretary of Defense for Acquisition, Technology, and Logistics Under Secretary of Defense for Policy Under Secretary of Defense for Intelligence DoD Chief Information Officer Director, Defense Information Systems Agency Director, Defense Security Service

DEPARTMENT OF THE ARMY Assistant Secretary of the Army for Acquisition, Logistics, and Technology Commanding General, Army Materiel Command G-2, Army Materiel Command

Deputy Chief of Staff, G-2

Inspector General, Department of the Army

Auditor General, Department of the Army Service

DEPARTMENT OF THE NAVY Assistant Secretary of the Navy for Research, Development, and Acquisition Naval Criminal Investigative Service Naval Inspector General Auditor General of the Navy

DEPARTMENT OF THE AIR FORCE Assistant Secretary of the Air Force for Acquisition Administrative Assistant to the Secretary of the Air Force Inspector General, Department of the Air Force Commander, Air Force Materiel Command Commander, Air Force Office of Special Investigations Auditor General of the Air Force

CONGRESSIONAL COMMITTEES AND SUBCOMMITTEES, CHAIRMAN AND RANKING Senate Subcommittee on Defense, Committee on Appropriations Senate Committee on Armed Services Senate Select Committee on Intelligence Senate Committee on Homeland Security and Governmental Affairs House Committee on Armed Services House Permanent Select Committee on Intelligence House Committee on Oversight and Government Reform House Subcommittee on Government Management, Organization, and Procurement, Committee on Oversight and Government Reform House Subcommittee on National Security and Foreign Affairs, Committee on Oversight and Government Reform

FOR OFFICIAL USE ONLY

Report No. DoDIG-2012-142 (Project No. D2012-DINT01-0162.000)

September 28, 2012

Results in Brief: Summary of FY 2011 Inspections on Security, Intelligence, Counterintelligence, and Technology Protection Practices at DoD Research, Development, Test, and Evaluation Facilities

What Was Done

This summary is a compilation of inspection results from the DoD, Service, and Missile Defense Agency (MDA) Offices of Inspectors General (OIG) and, where available, notes the best practices of each. The DoD OIG assessed an acquisition category 1D program; the Service IGs selected 34 of 118 research, development, test, and evaluation (RDT&E) facilities under their purview for inspection; and the MDA looked at the effectiveness of their critical program information (CPI) identification and program protection planning efforts, as well as their international security program. These inspections ensure a uniform system of periodic reviews for compliance with directives concerning security, intelligence, counterintelligence, and technology protection practices. The OIGs used the biennial inspection guidelines that focus on eight key issue areas related to program protection.

What Was Found

Identifying CPI. Generally, an effective process for identifying CPI was found, with some having a standardized process for identifying CPI. However, 5 of the 35 sites inspected did not adequately identify specific CPI.

Program Protection Planning. Efforts to protect CPI are not integrated and synchronized to the greatest extent possible. In some instances, program protection plans were not completed and could not be assessed. However, in general CPI was incorporated into program protection plans.

Moreover, the level of training related to CPI protection varied, with some personnel with no training, others with training acquired on the job and still others with training offered by the research, development, and acquisition (RDA) program support organization.

Resources. DoD OIG's assessment found no embedded program security support. The program management office did not track all security costs nor did they report program protection or security-related expenditures, in order to establish budget projections for security throughout the program's life-cycle and with measuring the return on the security expenditures.

Security and Other Support. Although program staff requested and were provided intelligence support, it was not timely nor tailored to CPI, adversely affecting the PM's ability to implement an effective program protection plan. Service findings ranged from PMs not using counterintelligence assets correctly to counterintelligence assets being spread thin due to deployments and ad-hoc tasking.

Foreign Visitor Program. No major issues were noted with the effectiveness of the programs inspected. MDA was using the Foreign Visits System ? Confirmation Module.

Horizontal Protection. Data from an Air Force program was on a separate horizontal protection database, but recent guidance will allow Air Force to use the Acquisition Security Database.

Training and Education. Training for the protection of CPI was not tailored for intelligence and security personnel; and some personnel were not qualified to do the job.

CPI Policies. While DoD and Service policies to protect CPI have progressed in recent years, there is still a need for improvement.

FOR OFFICIAi L USE ONLY

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download