1 / 45

Defense Exportability Integration

Defense Exportability Integration. “I don’t know what the hell this [exportability] is that people are always talking about … but I want some” (paraphrase of ADM King quote on “logistics”). Learning Objectives.

colman
Download Presentation

Defense Exportability Integration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Defense Exportability Integration

  2. “I don’t know what the hell this [exportability] is that people are always talking about … but I want some” (paraphrase of ADM King quote on “logistics”)

  3. Learning Objectives • Plan and synchronize technology security and exportability efforts to enhance international acquisition outcomes at the PMO level • Examine the IA&E aspects of system security engineering and program protection • Evaluate Technology Security and Foreign Disclosure (TSFD) “pipe” impacts on program exportability • Analyze Defense Exportability Features (DEF) design and development alternatives • Examine international security measures and how USG export control measures affect international acquisition efforts • Examine typical exportability challenges and develop effective solutions

  4. Exportability Overview • Int’l Aspects of Program Protection • TSFD – Navigating the “Pipes” • Exportability Design & Development • International Security Considerations & Export Control Aspects • Exportability Integration • Summary

  5. Defense Exportability Framework Program Protection (International Considerations) International Security TSFD Approvals Defense Exportability Elements Exportability Design & Development Export Authorizations Exportability Integration Need to address and integrate each element in program planning

  6. Exportability “Big Picture” View Engage Earlier FMS TSFD Export Control Capabilities & Tech Willing to Transfer U.S. Strategy & Policy Initial TSFD & DEF Inquiry, Partner-ship Discussion or Request for Purchase ICP International Acquisition Transactions ? DCS Desired Capabilities & Tech Foreign Strategy & Policy BPC Best Practice Early Phases of the Defense Acquisition System

  7. Exportability – Details Also Matter! • Optimal exportability results require careful planning and systematic implementation of all relevant aspects • 7 out of 10 actions completed = “no go” on desired international acquisition transactions – must achieve 10 for 10! More complex programs = more exportability “moving parts”

  8. Exportability Overview • Int’l Aspects of Program Protection • TSFD – Navigating the “Pipes” • Exportability Design & Development • International Security Considerations & Export Control Aspects • Exportability Integration • Summary

  9. Program Protection Pillars • Sensitive Information: Resident in our systems and data links (COMSEC), general IT networks (Cybersecurity) and overall security measures National Security Agency (NSA), CYBERCOM, USD(I) and Defense Security Service (DSS) • Critical Program Info (CPI): Resident in our operational systems (hardware & software) DoD Anti-Tamper Executive Agent (ATEA) • Trusted Systems & Networks (TSN): Resident in our system’s supply chain, training, and logistics (hardware & software) Defense Intelligence Agency (DIA) and Defense Microelectronics Agency (DMEA) Each Pillar has it own rules and process owner(s)

  10. Int’l Aspects of Program Protection • USG/DoD TSFD policy only applies to exportable (rather than domestic) versions • USG export control policy governs export of both domestic and exportable versions but will normally be different for each version • CPI should be the same, but system AT policy guidance may differ for exportable versions depending on TSFD & EC policy • Cooperation/sales and transfers to other nations expand scope of required TSN protection for versions actually exported • Scope of information protection requirements also expanded due to international acquisition activities and interoperability Domestic and international aspects should be fully integrated

  11. System Security Engineering (SSE) SystemSecurity Engineering Specialties • SSE trade-off analyses across the various program protection domains establishes the foundation for future exportable configurations • IA&E Assessment results and the IA&E elements of program Acquisition Strategies should be considered by the SSE team while making these trade-offs • Once initial SSE design trade-offs are made and incorporated into the baseline system design, they are very hard (and expensive) to change in exportable versions developed later on Anti-Tamper Cybersecurity Exportable Features Trade-Off Analyses Hardware Assurance Software Assurance Supply Chain Risk Management Security Specialties Address “domestic” and “international” SSE aspects up-front

  12. Program Protection Teamwork Systems Engineering Program Management Domestic & International Outcomes Systems Security Engineering International Manager Other Functional Organizations Security Manager Foreign Disclosure Officer Contractor Team Functional disciplines play a key role in program protection implementation

  13. Exportability Overview • Int’l Aspects of Program Protection • TSFD – Navigating the “Pipes” • Exportability Design & Development • International Security Considerations & Export Control Aspects • Exportability Integration • Summary

  14. USG/DoD TSFD Processes DoD Component Processes MILDEP- Specific (well-defined) TSFD policy development normally starts here and then ends up in the “Pipes”... but which ones and how? Other DoD Components (less defined) Other DoD Processes DoD Lead: Various Organization specific -- various Title 50 Overlap Title 22 Interagency Process Few documented processes 14

  15. The Dilemma for Each “Pipe” Provide required capabilities quickly to allies and friends Protect the “crown jewels” of U.S. defense technology How does each “Pipe” balance these two competing demands? 15

  16. TSFD (ProgramPerspective) PROBLEM #3 – Too Much Autonomy w/out Synchronization & Timelines PROBLEM #4 Too Many Decision Documents PROBLEM #2 Too Many Entry Points/No Triage PROBLEM #1 Reactive Approach DoD Component IPO/Staff and TSFDO Decision Decision Gov’t Industry PROBLEM #5 No Top Level DoD Closure Process Decision ATTR SSG (Arms Transfer & Technology Release Senior Steering Group) Decision Decision Decision Decision Decision Decision ATTR SSG (Arms Transfer & Technology Release Senior Steering Group) MILDEPs Challenging, time consuming, and mandatory 16 Other DoD Components

  17. Ideal World Scenario so PMOs & Contractor(s) In the beginning … Harmonize domestic/foreign plans ‘Higher Authority’ strongly supports export Seek/obtain required U.S. and foreign funds All relevant TSFD Pipes identified up-front Pipes give clear, timely, harmonized guidance Design/develop U.S. and exportable versions Industry uses results to seek export approvals Seamlessly produce & support all versions In theory this could happen, but in practice, well …

  18. More Typical Scenario so PMOs & Contractor(s) In the beginning … Develop unique domestic/foreign plans Higher-ups don’t care about/oppose exports Manage U.S. and foreign funds separately Some relevant TSFD Pipes are missed Pipes give untimely and conflicting guidance Develop US version 1st & defer export version(s) Industry seeks export approvals on their own Produce & support versions differently Most PMOs encounter some (or even many) of these problems

  19. Basic Concepts • PMOs and their contractors should proactively engage TSFD stakeholders up-front and often • Communicate program goals to TSFD stakeholders • Local Command/DoD Component IPO experts can provide useful advice, but PMO and contractors should developdetailed action plans • Know your “TSFD approval timeline” and integrate it with the program schedule • Ask DoD Component IPO leadership, TSFDO, and ATTR SSG to help you tackle the toughest challenges

  20. Have you encountered significant TSFD challenges; and how have you been able to successfully resolve them (or not)?

  21. Exportability Overview • Int’l Aspects of Program Protection • TSFD – Navigating the “Pipes” • Exportability Design & Development • International Security Considerations & Export Control Aspects • Exportability Integration • Summary

  22. Exportability D&D Overview Past • Launch customer or partner nation paid for exportability design and development (D&D) modifications to original U.S. configuration • Expensive and time consuming with negative impact on ICP/FMS/BPC • No authority to use appropriated funds for exportability design Why • Enhance protection of Critical Program Information (CPI) and mission critical functions on exportable systems • Reduce overall domestic/exportable program protection costs • Make our systems/equipment available earlier to allies and friends Present • Defense Exportability Features (DEF) Pilot Program authorized by Congress in FY11 – became a permanent program with 2019 NDAA • DEF Programs assess and incorporate technology protection features in systems with high export potential during early R&D • Provides DoD funds to conduct exportability feasibility studies and facilitate initial D&D planning; plus, industry shares in the cost • A&S(IC) selects programs to participate to receive DEF funding 22

  23. What are the key challenges in assessing ‘near year’ DEF costs versus ‘future year’ DEF benefits?

  24. Differential Capability (DC) Modifications to the DoD configuration that create one or more exportable versions of the system in order to: Incorporate partner/customer nation unique capabilities Remove (and confirm the removal of) U.S.-only capabilities/CPI DEF Dimensions Anti-Tamper (AT) • Deter, impede, detect, and respond to potential exploitation of CPI in DoD systems resulting from combat losses, unauthorized intrusions, and exports • AT SSE activities during the system design process protect CPI against: • Capability/performance degradation to counter unauthorized system intrusion/modification • Countermeasure development • Unwanted technology transfer Impact of ATEA’s 2016 Tech Implementation Guide (TIG) Changes? How should we explain AT and DC to partner/customer nations? DC and AT efforts ultimately lead to D&D of U.S. and exportable versions 24

  25. Defense Exportability Funding Options • OUSD(A&S)/IC DEF Program funds • Program funds if authorized • DSCA Special Defense Acquisition Fund (SDAF) • ICP/FMS/BPC funds • Company funds Creative solutions required!

  26. How Many Configurations? • Few • Simpler design and test • Simpler production and logistics • Easier upgrades • More affordable • Many • Greater customer choice • Treats countries differently • Tailored logistics and upgrades • More expensive DoD Components and other nations must compromise to achieve optimal outcomes for all (easy to say, hard to do) PMOs should lead efforts to define the optimal number of versions 26

  27. DEF Program Activities Phase 1B Follow-on Studies Phase 1A Feasibility Studies Phase 2 Design & Development • Conducted if additional analysis is needed to identify DFE features prior to design activities • Export configuration designs • Develop protection or differential capability solutions • Incorporate DEF solutions into the system • Depends on cost and available funding • Assess international market for potential ICPs and defense sales • Identify NRE technical feasibility and costs • Perform Business Case Analysis (investment costs vs ROI in terms of average unit cost • Provide basis for TSFD pipe sufficiency reviews Studies should be conducted with program contractors with shared funding DEF Policy Implementation Memorandum and Guidelines

  28. MDA Decisions • MDA decision to proceed with development of one or more exportable system versions are influenced by the results of DEF feasibility studies and/or design efforts, and following factors: • Total NRE costs to design and develop exportability features • Availability of funding to pay the NRE costs (e.g., program funds, DSCA SDAF, ICP or foreign sales funding) • A signed ICP International Agreement • One or more signed FMS Letter(s) of Offer and Acceptance (LOA)

  29. Exportability Overview • Int’l Aspects of Program Protection • TSFD – Navigating the “Pipes” • Exportability Design & Development • International Security Considerations & Export Control Aspects • Exportability Integration • Summary

  30. PMO-Level International Security • International security planning should be integrated with overall program security arrangements as early as possible • Key considerations include CPPs and FLOs, as well as number of facilities and/or foreign visitors involved • International security arrangements should focus on • Coordination with “local command” security organizations to make provisions for onsite CPPs, nearby FLOs, and foreign visitors • Establishing physical/IT access procedures for foreign reps/visitors • Providing applicable DDLs to U.S. personnel • Publishing PMO-level international security policy and documentation 30

  31. Basic Concepts • Program contractors are responsible for ensuring export control compliance • PMOs normally help contractors obtain ITAR exemptions and often facilitate license approvals through DoD Component/DTSA channels • Program support contractors should register with State Department as ITAR exporters • Develop/update program’s Technology Release Roadmap (TRR) to link USG/DoD TSFD & USG export approvals

  32. Exportability Overview • Int’l Aspects of Program Protection • TSFD – Navigating the “Pipes” • Exportability Design & Development • International Security Considerations & Export Control Aspects • Exportability Integration • Summary

  33. “Money can’t buy you love or favorable export control decisions ... Well, in general, that’s true.”(Pentagon Official)

  34. Exportability Integration Technology Security & Foreign Disclosure (TSFD) Defense Exportability Features (DEF) Integration International Security Export Control

  35. Exportability Planning Continuum Acquisition Strategy Program Protection Plan Other Key Plans • PP teamwork arrangements for IA&E efforts • Key TSFD policy guidance • DEF D&D plans • PMO-level international security arrangements • Harmonization with Security Cooperation (SC) activities • USG EC policy guidance • Systems Eng Plan (SEP) • Anti-Tamper (AT) plan • Technology Assessment/Control Plan (TA/CP) • DEF Program plan (if app) • T&E Master Plan (TEMP) • Security Coop (SC) plans • Tech Rel Roadmap (TRR) • Prog Sec Inst (PSI) (if app) • PMO program protection organization • Advanced capabilities = CPI and Mission Critical Functions • Security Coop (SC) concept • Current/planned ICP, FMS, and BPC efforts IA&E Concept Current/Pending IA&E Efforts Detailed IA&E Planning

  36. Exportability Integration Teamwork Program Manager Systems Engineering Foreign Disclosure Officer International Manager Other Functional Organizations Security Manager Systems Security Engineering Contractor Team Integrated Domestic & International Design and Development Outcomes

  37. Exportability Integration Best Practices PMO emphasis on Exportability Integration is essential

  38. If early exportability engagement makes so much sense, why is it so hard to do?

  39. Exportability Overview • Int’l Aspects of Program Protection • TSFD – Navigating the “Pipes” • Exportability Design & Development • International Security Considerations & Export Control Aspects • Exportability Integration • Summary

  40. Summary • Effective Exportability Integration leads to effective program-level international acquisition outcomes • Establishes foundation for future ICP/FMS/PBC transactions • Provides systematic process to balance “provide capability” vs “protect technology” dilemmas • Harmonizes program protection activities across the spectrum of key functional disciplines • Synchronizes DoD/industry exportability efforts • PMOs should help draw the “big picture” first, then own the “details” throughout the program’s life-cycle • JST available on International Acquisition Management Community of Practice (ICOP)

  41. Back-Up

  42. Key DEF Challenges DEF efforts require PMO and industry commitment and resources • Obtaining DoD Component concurrence for an early DEF study • Conducting feasibility study BCAs assessing cost of DEF D&D efforts vs savings from future foreign buys may require talent/resources outside scope of the PMO • BCA results must justify early investment by USG/industry to achieve substantially reduced P&D and O&S phase costs from future U.S. and foreign acquisition • Obtaining industry agreement on DEF Program cost-sharing • Industry may be unwilling to invest due to uncertain Return on Investment (ROI) • Companies cannot use IR&D funding as their ‘fair share’ (but companies may use their IR&D to fund DEF work beyond or outside DEF Programs) • DoD/industry DEF cost sharing ratios other than 50/50 require USD(A&S) decision • Obtaining funding needed to conduct actual DEF D&D work • DEF Program funding limited to (~$3M/year) focused mainly on DEF studies • D&D efforts beyond/outside of the DEF Program must identify and use U.S. Title 10 funding, DSCA SDAF, and/or funding from ICP/FMS/BPC arrangements 42

  43. What Needs Protecting? Program Protection PlanningDoDI 5000.02 Enclosure 3 DoDI 8582.01 DoDI 8500 Series DoDI 5200.39 DoDI 5200.44 Sensitive Information Systems & CPI TSN & Components What: Information about system-related design, applications, processes, capabilities, and items Who Identifies: All ID Process: CPI identification, Criticality Analysis, COMSEC, and Security Classification Guidance Threat Assessment: Foreign collection threat informed by Intelligence and CI assessments Countermeasures: Cyber/Info Assurance, Classification, Export Controls, Security, etc Focus: “Keep critical information from getting out” by protecting data What: Leading edge research and technology and related capabilities Who Identifies: Technologists, Systems Engineers ID Process: CPI identification Threat Assessment: Foreign collection threat informed by Intelligence and CI assessments and ATEA Countermeasures: AT, Classification, Export Controls, Security, Foreign Disclosure, and CI activities Focus: “Keep secret stuff in” by protecting key capabilities and sensitive technologies What: Mission-critical elements and components Who Identifies: Systems Engineers, Logisticians ID Process: Criticality Analysis Threat Assessment: Defense Intelligence Agency Supply Chain Risk Mgmt Threat Assessment Ctr (DIA SCRM TAC) Countermeasures: SCRM, SSE, Anti-Counterfeits, Software Assurance, Trusted Foundry, etc Focus: “Keep malicious stuff out” by protecting key mission-related trusted networks and components Protect Warfighting Capability Throughout the Life Cycle

  44. International Security Basics Fundamental Security Considerations Access Protection + Foreign Governments/Industry Must Agree in Writing: • Not to transfer or usebeyond authorized purposes without U.S. consent • Recipient must provide substantially the same degree of protection as U.S. Forms of Commitment Include: No written commitment to protect by foreign entity = no transfer! ExportControl Documents ICP Agreements FMS LOAs

  45. Export Authorizations Examples • DSP-x (5, 61, 73, 85) • Tech Asst Agreements (TAA) • Mfg License Agreement (MLA) • Whse & Distribution Agreement (WDA) • ITAR Exemptions (may involve DoD) • Overall Categorizations: • EAR 99 (general) • Export Control Classification Number (ECCN) (specific) • Licenses may be required by exception based on destination, parties involved, and/or end use Defense Technology Security Administration (DTSA) coordinates for DoD Arms Export Control Act – State Dept • Implemented by the International Traffic in Arms Regulations (ITAR) – most licensing case-by-case • Contains the United States Munitions List (USML) – defense articles and services • Administered by the Directorate of Defense Trade Controls (DDTC) Export Administration Act – Commerce Dept • Implemented by the Export Administration Regulations (EAR) – most licensing is ‘by exception’ • Contains the Commerce Control List (CCL) – dual-use items and ECCN “600 series” transferred items • Administered by the Bureau of Industry &Security (BIS) 45

More Related