Transcript Organization chart

UNCLASSIFIED
Foreign Ownership, Control, or Influence (FOCI)
August 2009
UNCLASSIFIED
UNCLASSIFIED
(U) Scope of the DSS Security Mission
Oversee National Industrial
Security Program
Integrate Counterintelligence
• 4,242 CI Suspicious Contact Reports (FY09 YTD)
• 421 Intelligence Information Reports (FY09 YTD)
• 14,537 personnel received Counterintelligence Threat
Awareness Briefings (FY09 YTD)
• 6 IS Reps are signed up to take CI Fundamentals
course at JCITA
• 3 IS Reps are signed up to take the CI Research
Development & Acquisition Course at JCITA
• Enhancing relationship with LE/CI Communities
12,801 active, cleared facilities in NISP
Clear and inspect facilities
• 9,100 inspections (FY08)
• 1,791 new facility clearances granted (FY08)
• 14,355 accredited systems in industry
Adjudicate Industry Security Clearances (DISCO)
• More than 1M cleared contractors (June 30)
• 180,600 Personnel Security Adjudications
(FY08)
• 13 days average to process all initial clearances
by IRTPA measures
Fund NISP Personnel Security Investigations
• $224.88M beginning NISP PSI funds (FY09)
• Estimated $159M expended as of June 27
Provide Foreign Ownership, Control or
Influence mitigation/international
675 FOCI facilities
• 252 FOCI mitigation agreements
• Support to 65 Foreign Countries
• NISP Support to 23 Government Agencies
•
Provide information technology
services
100,000+ worldwide users
• 6 Legacy Security Systems
• 6 System Enhancements in Development
• 5 New Initiatives in Planning Phase
• Renewed Emphasis on IS Automation
• Transition PSI security systems
Secure
Industrial
Base
Deliver security education and
training
DoD & NISP Functional Manager
• 64,778 students trained to date (FY09)
• 53,569 students trained (FY08)
• 400% increase over FY04
-2-
UNCLASSIFIED
(U) DSS Goals
Strengthen and refocus DSS on NISP and SETA Programs and ensure effective
oversight/management of NISP
Oversee National Industrial
Security Program
 Reduce ratio of industrial security professionals to
cleared facilities
 Enhance current Facilities of Interest List with
additional CI and other risk factors
 Establish professional development and
certification program for Industrial Security personnel
 Enhance current internal industrial security
information management system
Integrate Counterintelligence
 Strengthen Counterintelligence in industry
 Facilitate industry access to threat information
 Continue to integrate CI into Industrial Security Program
 Continue staff augmentation to tailor and expand CI
services to Cleared Defense Contractors,
 Continue Counterintelligence and Law Enforcement Interagency community outreach
Provide information technology
services
Provide Foreign Ownership, Control
or Influence mitigation/international
 Transfer legacy systems associated with personnel
security function
 Retain Industrial Security Facilities Database (ISFD) and
Electronic Network Registration and Online Learning
(ENROL) and develop next generation system
 Enhance Foreign Ownership, Control or Influence
(FOCI) analytic branch to ensure proper reporting and
develop trends in FOCI
 Develop financial analysis cell to assess FOCI by
foreign investment entities
 Refine processes in the FOCI and International
Branches
 Develop policies and procedures for DSS overseas
presence
Deliver security education and
training
 Continue creation of web-based training
 Address Stakeholder training by updating courses
 Professionalize the security career field across DoD
-3-
UNCLASSIFIED
(U) National Industrial Security Program Authorities/Responsibilities
Executive Order 12829, National Industrial Security Program (NISP), defines authorities & assigns
responsibilities. Purpose is protection of classified information released to contractors.
National Security Council (NSC) provides overall policy direction.
Information Security Oversight Office (ISOO)
• Implementation and oversight
• Chairs NISP Policy Advisory Committee (NISPPAC)
DoD is the Executive Agent Responsible for:
• Issuance/updating NISP Operating Manual (NISPOM)
• Operational oversight (except ODNI/CIA, DOE, NRC)
DSS is the DoD Cognizant Security Office
• Administers NISP on behalf of DoD and 23 non-DoD agencies
• Clears companies and their employees
• Conducts oversight
UNCLASSIFIED
UNCLASSIFIED
(U) Basis for FOCI Oversight and Compliance
Federal Acquisition Regulations
• Require government contracting activities to insert a Security Clause (FAR 52.204-2)
whenever a contract requires access to classified information.
• Security Clause requires contractors to protect classified information in accordance with
standards established in NISPOM.
DoD Security Agreement
• As prerequisite for facility clearance (FCL), DoD cleared companies execute DoD Security
Agreement.
• Agreement allows for termination by either party with 30 days notice.
• By executing DoD Security Agreement, companies agree to:
• Implement protection standards for industry established in NISPOM.
• Allow DoD to conduct compliance inspections (Unsatisfactory rating can lead to FCL
revocation).
Key NISPOM Requirements
• Reporting of material/significant changes to information provided by company on Certificate
Pertaining to Foreign Interests, SF 328.
• Report when entering into “Discussions, consultations or agreements” that may lead to
acquisition by a foreign interest.
• Companies must agree to an acceptable FOCI mitigation measure prior to closing of foreign
acquisition or suffer invalidation (invalidation of the FCL automatically renders a contractor
ineligible to bid on new classified contracts or to receive new classified material).
UNCLASSIFIED
UNCLASSIFIED
(U) FOCI and CFIUS
• Parallel but separate - “The Committee on Foreign Investment in the U.S.
(CFIUS) review and the FOCI review are carried out in two parallel but
separate processes with different time constraints and considerations.”
• Narrower scope - “A U.S. company is considered under FOCI whenever a
foreign interest has the power, direct or indirect, whether or not exercised, and
whether or not exercisable through the ownership of the U.S. company’s
securities, by contractual arrangements or other means, to direct or decide
matters affecting the management or operations of that company in a manner
which may result in unauthorized access to classified information or may
adversely affect the performance of classified contracts”
• Recurring Oversight – DSS conducts annual inspections of 252 companies
cleared under FOCI mitigation agreements (675 cleared facilities, includes
branches, subsidiaries).
(Source: NISPOM 2-310b, 2-300a)
UNCLASSIFIED
UNCLASSIFIED
(U) FOCI Adjudication
DSS considers the following factors (in relation to the company, the foreign
interest and the government of the foreign interest) in the aggregate to
determine if a company is under FOCI, its eligibility for a clearance, and the
protective measures required:
• Record of economic and government espionage against U.S.
• History of cooperation on technology transfer
• Type and sensitivity of information that will be accessed
• Source, nature and extent of FOCI
• Company’s record of compliance with U.S. laws, regulations, and contracts
• Nature of bilateral or multilateral security agreements with the foreign government
• Foreign government ownership or control
(Source: NISPOM 2-301)
UNCLASSIFIED
UNCLASSIFIED
(U) FOCI Mitigation Agreements: Use depends on extent and nature of FOCI
• Board Resolution (BR)
•
•
•
Foreign interest has minority ownership insufficient to elect board members
BR identifies foreign shareholder and security requirements
No access limitations
• Security Control Agreement (SCA)
•
•
•
Foreign interest has minority ownership sufficient to elect board members
SCA requires 1-3 disinterested, cleared, U.S. citizen Outside Directors
No access limitations
• Special Security Agreement (SSA)
•
•
•
Foreign interest has majority ownership and effectively controls company
SSA requires 2+ disinterested, cleared, U.S. citizen Outside Directors
Access to Proscribed Information* requires a National Interest Determination
• Proxy Agreement (PA)
•
•
•
PA requires foreign interest to convey most voting rights, independence
Requires cleared, disinterested, U.S. citizen proxy holders
No access limitations
• Voting Trust (VT)
•
•
•
VT requires foreign interest to convey legal title, independence
Requires cleared, disinterested, U.S. citizen trustees
No access limitations
* Proscribed Information includes Top Secret, COMSEC, RD, SAP, or SCI
UNCLASSIFIED
(Source: NISPOM 2-303)
UNCLASSIFIED
Questions?
-9-