The federal government spends billions annually to develop and acquire advanced technologies. It permits the sale and transfer of some of these technologies to allies to promote U.S. national security, foreign policy, and economic interests. These critical technologies—such as elements of artificial intelligence and biotechnology—are necessary to maintain U.S. technological superiority. As such, they are frequently the target of theft, espionage, and illegal export by adversaries.
The John S. McCain National Defense Authorization Act for Fiscal Year 2019 requires the Secretary of Defense to develop and maintain a list of acquisition programs, technologies, manufacturing capabilities, and research areas that are critical for preserving U.S. national security advantages.
The Department of Defense (DOD) has outlined a revised process to better identify and protect its critical technologies including those associated with acquisition programs throughout their lifecycle or those early in development. Prior DOD efforts to identify these technologies were considered by some military officials to be too broad to adequately guide protection. The revised process is expected to address this by offering more specificity about what elements of an acquisition program or technology need to be protected and the protection measures DOD is expected to implement. It is also expected to support DOD’s annual input to the National Strategy for Critical and Emerging Technologies, which was first published in October 2020. According to DOD officials, the National Security Council coordinated with roughly 15 federal agencies to ensure a whole of government approach for this strategy. The strategy states that the U.S. will lead in the highest-priority critical and emerging technology areas, contribute as a peer with allies and partners in high-priority areas, and manage technology risks in others
A January 12 report from the Government Accountability Office (GAO) says DOD began implementing this process in February 2020, and officials expect to complete all steps for the first time by September 2021. DOD has focused on identifying critical acquisition programs and technologies that need to be protected and how they should be protected. But GAO found it has not yet determined how it will communicate the list internally and to other agencies, which metrics it will use to assess protection measures, and which organization will oversee future protection efforts.
Once completed, the revised process should also inform DOD and other federal agencies’ protection efforts. Military officials told GAO’s review that they could use the list of critical acquisition programs and technologies to better direct resources. Officials from the Departments of State, Commerce, and the Treasury also told the watchdog that they could use the list, if it is effectively communicated, to better understand what is important to DOD to help ensure protection through their respective programs.
GAO is recommending that DOD specify how it will communicate its critical programs and technologies list, develop metrics to assess protection measures, and select the DOD organization that will oversee protection efforts beyond 2020.
DOD concurred with the first recommendation to establish a process for communicating its critical acquisition programs and technologies list, and stated that disseminating the list to all relevant internal and external technology protection stakeholders is key to the department’s efforts to protect critical technologies. DOD partially concurred with GAO’s second and third recommendations. DOD said it recognized the need to identify mechanisms that can assess the effectiveness of performance measures as well as the need for department-wide collaborative efforts to protect critical technologies. DOD also stated that the Deputy Secretary of Defense is considering options for future technology protection roles and responsibilities, which may include metrics or other mechanisms to ensure effective implementation of protection requirements across the department.