by Jay P. Urwitz
For at least a year, Pentagon officials, from the Defense secretary down, have expressed the need to find a way to allow U.S. and NATO defense contractors to merge. As separate U.S. and European mergers have taken place during the last few years, the prospect of a Fortress America and Fortress Europe has grown precisely at the time when most officials think that the need for integration has increased. Combined military actions, such as these in Kosovo, make it more important that each country have sophisticated knowledge of the armaments being used by its allies. There will also be economic efficiencies from contractor integration.
But this objective runs into the strong concern about the security of defense-sensitive information. Contractors know the technical specifications of the products they are developing, they know about sensitive defense and intelligence operations, and they often know where critical personnel are stationed. Nobody wants to see this information land in the wrong places, and there is an underlying concern that foreign contractors won't be as secure with it.
Faced with this tension, the Pentagon has refrained from establishing general policies to spur integration. Instead, it has only engaged in ad hoc liberalization. For instance, just this month, British Aerospace announced that the U.S. government would consider the firm to be "American," which would presumably free it from the extra constraints on foreign acquisitions.
But there is a more general way to promote integration without giving up on security. The Defense Department can allow the acquisitions, but be scrupulous about protecting classified information and defense-sensitive data about classified programs from the eyes of the foreign owner. This will allow the integration of the nonclassified operations of European and U.S. contractors. As that integration takes place, both business and U.S. officials will see where real issues arise about information security or other Pentagon concerns.
There is no substitute for real experience in seeing what protections are necessary. Actual business integration will cause Defense officials and company security and company business executives to come together on practices, and a workable policy will emerge.
The Defense Department allows foreign owner oversight now through its Special Security Agreement (SSA) with foreign companies. But the SSA is so overladen with requirements that it is often unattractive to foreign investors. Those requirements can be removed without significantly raising the threat to information security.
The SSA is an alternative to the proxy agreement, which the Defense Department has traditionally used to isolate the U.S. subsidiary that does classified work from its European parent. The business then is run by a proxy board of Americans, who cannot be removed by the parent except in dire circumstances. This is unattractive to most businesses and has dampened foreign interest in U.S. defense contractors.
Under the SSA, on the other hand, the European parent can appoint its own personnel as "inside" directors of the subsidiary and also name officer/directors of the company. The primary protection is that this SSA requires outside directors who are Americans with classified clearances. Their function is to ensure the security of classified or other controlled information. They deal with the company's executives and facility security officer to ensure that there are systems to prevent security breaches.
But one of the SSA's requirements has made it unattractive. The SSA requires that an agency that wants to provide a contractor with a request for proposals (RFP) must first make a National Interest Determination (NID) that there is a national need to allow the SSA company to compete. This must be done on a program-by-program basis. It often takes months for an agency to make an NID, and many times a company is required to show why it should be allowed to compete.
Allow the defense security function to be handled by the independent U.S. board members who have been designated to oversee it. Issues may arise in how RFPs are received and handled and how the contracts themselves are fulfilled. Issues will arise about what aspects of the company the foreign parent can run. But this is precisely the point - there is no way to promote integration without figuring how each of the government's legitimate objectives will interact.
The best way to protect security in this mix is when a specially charged group of powerful people are involved in the planning. And most foreign acquirers are likely to be comfortable with this; after all, even Americans without security clearances can't know what is going on in classified programs. The Defense Department should be promoting this solution, rather than encumbering it with requirements such as the NID that no longer meet our overall objectives.
For at least a year, Pentagon officials, from the Defense secretary down, have expressed the need to find a way to allow U.S. and NATO defense contractors to merge. As separate U.S. and European mergers have taken place during the last few years, the prospect of a Fortress America and Fortress Europe has grown precisely at the time when most officials think that the need for integration has increased. Combined military actions, such as these in Kosovo, make it more important that each country have sophisticated knowledge of the armaments being used by its allies. There will also be economic efficiencies from contractor integration.
But this objective runs into the strong concern about the security of defense-sensitive information. Contractors know the technical specifications of the products they are developing, they know about sensitive defense and intelligence operations, and they often know where critical personnel are stationed. Nobody wants to see this information land in the wrong places, and there is an underlying concern that foreign contractors won't be as secure with it.
Faced with this tension, the Pentagon has refrained from establishing general policies to spur integration. Instead, it has only engaged in ad hoc liberalization. For instance, just this month, British Aerospace announced that the U.S. government would consider the firm to be "American," which would presumably free it from the extra constraints on foreign acquisitions.
But there is a more general way to promote integration without giving up on security. The Defense Department can allow the acquisitions, but be scrupulous about protecting classified information and defense-sensitive data about classified programs from the eyes of the foreign owner. This will allow the integration of the nonclassified operations of European and U.S. contractors. As that integration takes place, both business and U.S. officials will see where real issues arise about information security or other Pentagon concerns.
There is no substitute for real experience in seeing what protections are necessary. Actual business integration will cause Defense officials and company security and company business executives to come together on practices, and a workable policy will emerge.
The Defense Department allows foreign owner oversight now through its Special Security Agreement (SSA) with foreign companies. But the SSA is so overladen with requirements that it is often unattractive to foreign investors. Those requirements can be removed without significantly raising the threat to information security.
The SSA is an alternative to the proxy agreement, which the Defense Department has traditionally used to isolate the U.S. subsidiary that does classified work from its European parent. The business then is run by a proxy board of Americans, who cannot be removed by the parent except in dire circumstances. This is unattractive to most businesses and has dampened foreign interest in U.S. defense contractors.
Under the SSA, on the other hand, the European parent can appoint its own personnel as "inside" directors of the subsidiary and also name officer/directors of the company. The primary protection is that this SSA requires outside directors who are Americans with classified clearances. Their function is to ensure the security of classified or other controlled information. They deal with the company's executives and facility security officer to ensure that there are systems to prevent security breaches.
But one of the SSA's requirements has made it unattractive. The SSA requires that an agency that wants to provide a contractor with a request for proposals (RFP) must first make a National Interest Determination (NID) that there is a national need to allow the SSA company to compete. This must be done on a program-by-program basis. It often takes months for an agency to make an NID, and many times a company is required to show why it should be allowed to compete.
Allow the defense security function to be handled by the independent U.S. board members who have been designated to oversee it. Issues may arise in how RFPs are received and handled and how the contracts themselves are fulfilled. Issues will arise about what aspects of the company the foreign parent can run. But this is precisely the point - there is no way to promote integration without figuring how each of the government's legitimate objectives will interact.
The best way to protect security in this mix is when a specially charged group of powerful people are involved in the planning. And most foreign acquirers are likely to be comfortable with this; after all, even Americans without security clearances can't know what is going on in classified programs. The Defense Department should be promoting this solution, rather than encumbering it with requirements such as the NID that no longer meet our overall objectives.
This article first appeared in Aviation Week & Space Technology.