Department of Defense: Observations on the National Industrial Security Program

Abstract

Our work on DSS oversight of contractor facilities and DSS oversight of contractors under FOCI identified certain systemic weaknesses. In both areas DSS did not systematically collect and analyze information to assess the effectiveness of its operations. Such an assessment would have assisted DSS in better managing its processes and enabled it to identify problems and institute corrective actions. In terms of facility oversight, DSS maintained files on contractor facilities security programs and their security violations, but it did not analyze this information to determine, for example, whether certain types of violations are increasing or decreasing and why. Further, the manner in which this information was maintained geographically dispersed paper-based files did not lend itself to this type of analysis. As a result, DSS was unable to identify patterns of security violations across all facilities based on factors such as the type of work conducted, the facilities government customer, or the facilities corporate affiliation. Identifying such patterns would enable DSS to target needed actions to reduce the risk of classified information being compromised. Similarly, DSS did not systematically collect or analyze information on foreign business transactions in a manner that helped it properly oversee contractors entrusted with U.S. classified information. Specifically, DSS did not know the universe of contractors operating under protective measures. With regard to contractors under FOCI, DSS did not collect and track in a timely manner the extent to which classified information was left in the hands of such contractors before measures were taken to reduce the risk of unauthorized foreign access.

Document Details

Document Type

Technical Report

Publication Date

Apr 16, 2008

Accession Number

ADA480261

Entities

Tags