.bmp)
.bmp)
The Defense Department hasn't kept close enough watch over the contractors working on its most important aircraft program, the Joint Strike Fighter. And as a result, "the advanced aviation and weapons technology for the JSF program may have been compromised," the Department of Defense's Inspector General notes in a report, obtained by the Project on Government Oversight.The Pentagon is working with eight other countries to build a single, stealthy, single-engine fighter that is supposed to be a low-cost replacement for a huge variety of aircraft-the A-10, F-16, F/A-18, even the British Harrier jump jets. More than 2,400 JSFs are planned over the next several decades, at a cost of $337 billion.But monitoring the 1,200 contractors working on the planes has proved to be a herculean effort for the Pentagon's Defense Security Service, or DSS. The Inspector General's report doesn't list any specific cases of classified information breaches. But it does state, repeatedly, that the DSS cut regulatory corners, meant to protect the stealth jet's secrets. "DoD [Department of Defense] did not always employ sufficient controls to evaluate and correct potential unauthorized access to classified U.S. technology," the report observes.In particular, the audit found problems with how the Defense Department oversaw BAE Systems, the London-based arms-maker.Defense Security Service officials conducted security reviews at BAE Systems facilities.But the didn't bother to check up on the company's internal audits-reports that would have "helped the Defense Security Service to evaluate and address potential security weaknesses at BAE Systems, the primary foreign-owned contractor supporting the strike fighter program."For example, the report notes, the Defense Security Service:*did not obtain and assess... at least redacted BAE Systems’ reports discussing over security weaknesses in controls over classified technology at BAE Systems facilities for 2004 and 2005;
*did not identify redacted percent of the security weaknesses identified by BAE Systems when both audited the same facilities; and
*established an unauthorized policy of discarding security reports after 2 years, thereby preventing our verification of the resolution of security weaknesses identified in 2001, 2002, and 2003.
In fact, BAE Systems appeared to reject requests for the security reports, saying that "all information contained in the internal audits was privileged and not available to the Government, despite the requirement in the SSA [Special Security Agreement] that the contractor submits those reports to DoD [Department of Defense] for review and appropriate action.DSS did not challenge BAE Systems' claim that the internal audits are privileged and not subject to Government review.Rather than treating contractors' audit reports as useful tools to complement the industrial security assessments, DSS classifies all contractor reports as "routine correspondence" and destroys them after two years."How can the Pentagon security agency allow BAE, its contractor, to deny access to these security records?" Nick Schwellenbach, a Project on Government Oversight national security investigator, asked in a statement. "This is government information and BAE is stiff-arming the Pentagon."
http://blog.wired.com/defense/2008/05/jsf-security-co.html
*did not identify redacted percent of the security weaknesses identified by BAE Systems when both audited the same facilities; and
*established an unauthorized policy of discarding security reports after 2 years, thereby preventing our verification of the resolution of security weaknesses identified in 2001, 2002, and 2003.
In fact, BAE Systems appeared to reject requests for the security reports, saying that "all information contained in the internal audits was privileged and not available to the Government, despite the requirement in the SSA [Special Security Agreement] that the contractor submits those reports to DoD [Department of Defense] for review and appropriate action.DSS did not challenge BAE Systems' claim that the internal audits are privileged and not subject to Government review.Rather than treating contractors' audit reports as useful tools to complement the industrial security assessments, DSS classifies all contractor reports as "routine correspondence" and destroys them after two years."How can the Pentagon security agency allow BAE, its contractor, to deny access to these security records?" Nick Schwellenbach, a Project on Government Oversight national security investigator, asked in a statement. "This is government information and BAE is stiff-arming the Pentagon."
http://blog.wired.com/defense/2008/05/jsf-security-co.html
As in the days of Noah...
