SUBJECT: PROPOSED SECURITY CONTROLS ON DEFENSE RESEARCH 白皮书
外壳:
(1) OSD Memorandum, "Research and Technology Protection Within the DoD," 25 March 2002
(2) DEPSECDEF Memorandum, "Technology Protection," 17 February 2000
(3) DoD Directive 5200.39, "Research and Technology Protection within the Department of Defense"
(4)DoD 5200.39-R, "Mandatory Procedures for Research and Technology Protection within the DoD"
(5) ASD(C3I) Memorandum, "Research and Technology Protection within the Defense Department, 30 January 2002
(6)国家安全决策指令189,“科学,技术和工程信息转移的国家政策”,1985年9月21日BACKGROUNDEnclosure (1) underscores the strong role that technology plays in the nation's defense and economic competitiveness. The memorandum's three signatories (Hon. E.C. Aldridge, Hon. J.P. Stenbit, and Hon. T.P. Christie) therefore resolve to protect U.S. research and technology from America's military adversaries and industrial rivals, and agree to work together to accomplish that goal. 概述
In short, the memorandum expresses a commitment to protect what is critical to national security. It therefore reinforces long-standing national policy that requires the Departrnent of Defense (DoD) to protect research-- when national security requires it-- through the classification process, and to protect technology through a number of means, one of which is classification. The key point in the memorandum is a request that the Office of the Secretary of Defense (OSD) and the Military Departments complete coordination, within 30 days, on two directives sponsored by the Counter-Intelligence (CI)/Security community. Unlike the memorandum, those documents advocate sharp deviations from existing policies.
正如目前,指令草案与国家安全要求时规定使用分类过程的科学信息政策相矛盾。他们与现有的国防部政策相矛盾,该政策专门禁止为科学技术(S&T)项目收集反智能“列表”。他们提出了一个CI/安全数据库,该数据库重复了军事重要技术列表的功能,这是一个现有的数据库,由国防安全服务公司的反智能办公室广泛使用,以开发其年度威胁评估。和,它们创造了对刑事制裁的可能性,以针对发表未分类研究的个人。
This paper is intended to: (1) help meet the commitment of OSD's tripartite memorandum, (2) assist the CI/Security community in its legitimate and important role to target, collect, and disseminate relevant threat data to appropriate RDT&E facility personnel, (3) correct two misleading inaccuracies that are being used to justify changes in national policy, and (4) ensure that defense S&T will not be harmed by the very measures designed to protect it.
2000年2月17日,前国防部副部长约翰·哈姆雷(John Hamre)博士发布了一系列备忘录,以解决国防部实验室和测试与评估中心的安全和反情报(CI)。这些备忘录传达了许多改善安全程序的建议。由执行级官员组成的总体综合流程团队(OIPT)1, developed the proposals. Dr. D. Etter, the former DUSD (S&T), chaired the group.
1Dr. A. Michael Andrews, II (HQ Army (SARD-ZT), Dr. William 0. Berry (ARFL/DC), RADM Paul G. Gaffney, II (Chief of Naval Research), W. John Gehrig (DOT&E(R&R)), Mr. Walter W. Hollis (DUSA Operations Research), Mr. David Crane (DODIG/OIR), Mr. Peter Batten (OUSD(P)PS), Mr. Ronald G. Garant (OUSD(C)), Mr. Peter Lennon (USD(AT&L)ARA), and Mr. Bill Leonard (DASD(S&IO)).
Hamre博士在围栏(2)中指导的行动之一是为指挥,控制,通讯和情报(ASD C3I)的助理国防部长和国防部以获取,技术与物流(USD AT&L)的要求创建一个需要服务的指令,以开发“针对非科学和技术(S&T)计划的特定网站特定计划列表”。关键程序信息(CPI)是用于控制某些收购类别(ACAT)程序中信息的指定者,因此,Hamre博士备忘录的效果是将其使用扩展到其他ACAT程序中,并将其扩展到非ACAT RDT&E程序中,除了S&T(即6.1、6.2和6.3)。In short, Dr. Hamre's memo-- from its title to its text-- pertained only to "technology" protection.ISSUE
ASD(C3I)已正式提交了两个指令,即(3)和(4),以在军事部门和国防部长办公室之间进行协调。与规定的DEPSECDEF政策相反,他们要求所有收购计划在所有RDT&E预算类别中都确定CPI,包括S&T。使用所有非收购活动都需要使用类似CPI的指定器,称为关键研究技术(CRT),并将其应用于“ RDT&E的所有七个子类别”,包括S&T(Encl。3,P.2)。既定的目标是“保护国防部资助的研究和技术”。作为外壳(5)提供的ASD(C3I)备忘录特别敦促保护“从DOD资助的基础研究中的想法阶段开始”。
PROPOSED PROCESS FOR PROTECTING RESEARCH
Once a project is designated as CPI, or CRT, specific requirements and procedures become mandatory. For example:
This last requirement is not trivial because universities, industry, federally funded R&D centers, and nonprofits perform 64% of all DoD-funded research (6.1 and 6.2).2The actual figure is higher because the DoD laboratories outsource a significant amount of their work.
- Any incidents of loss, compromise, or theft of identified CPI or CRT must be reported (Encl.3, p.4).
- 所有CRT必须在以下警告中适当标记(Encl。4,p。28):
“该材料包含由Dodd 5200.39定义的关键研究技术。未经授权的披露受到行政和/或criminal sanctions(添加了强调)。需要具体的外国传播正式授权。”
- Foreign travel of personnel with access to CPI or CRT must be reported to security and CI organizations (Encl. 3, p.4).
- The ASD(C3I) will maintain a "Horizontal Assessment and Protection Database" that identifies all CPI and CRT requiring protection. Horizontal assessment and protection refers to a process ensuring that research in more than one organization is protected to the same degree by all organizations (Encl. 3, p. 13).
- A Defense Research and Technology Protection Council will provide oversight for seamless integration of CPI and CRT protection within DoD (Encl.3, p.4).
- DOD组件必须包括适当的要求,以保护外部合同和赠款中的研究(ENCL。3,p.9),而国防安全局必须在承包商设施中进行定期安全评估(Encl。3,p.7)。
2AAAS报告XXVI:研发2002财年
最后,应该注意的是,CRT名称适用于未分类的信息。所以,这些程序创造了有可能针对发表未分类研究的个人进行刑事制裁,或者未根据规定的措施来控制它。ANALYSIS AND FINDINGS
A. THE DIRECTIVES CONTRADICT NATIONAL AND DOD RESEARCH POLICY
Enclosure (6),国家安全决定Direclive(NSDD)189, codifies national policy on the transfer of scientific, technical and engineering information. Research is defined by the 16-year-old policy as basic and applied research (6.1 and 6.2) in science and engineering. It stipulates that,
"where the national security requires control, the mechanism for control of information generated during federally-funded fundamental research in science, technology, and engineering at colleges, universities and laboratories is classification."
换句话说,当研究需要保护时,分类是国家政策允许的唯一工具。NSDD 189认可了这种方法,因为美国科学的力量需要“自由交流思想是至关重要的组成部分的环境”。However, the Directives require that research be protected by means in addition to classification, i.e., the CPI and CRT control procedures. The Directives state that they "recognize the normally unrestricted nature of fundamental research, as identified in National Security Decision Directive 189" (Encl. 3, p.2), and have "implemented relevant portions" of it (Encl. 3, p.1).That claim is misleading because the Directives clearly violate national policy。
另一个误导性的主张是由围栏(5)提出的,这是一份ASD(C3I)备忘录,以证明研究控制的合理性。它指出,Hamre博士的备忘录(即围栏(2),“指示ASD(C3I),并在USD(P)和USD(AT&L)的支持下进行修改或创建DOD指令,并定义一个新的过程或整合保护研究和技术的支持的纪律……”(第5页,第1页)。
But the former DEPSECDEF's statements are very different from those offered by the ASD(C3I) memo.Not only is the word "research" never used by Dr. Hamre, but he specifically excluded S&T from any controls. Quoting from the same source cited by the ASD(C3I) memo, Dr. Hamre in fact stated:
“我直接采取以下旨在改善的计划的行动technology(emphasis added) protection of acquisition programs...implement a new program of integrated support to tailortechnology(emphasis added) protection for individual RDT&E sites, including development of site-specific lists of critical program information fornon-S&T(添加了强调)程序。”
B. THE PROPOSED ASD(C3I) DATABASE DUPLICATES FUNCTIONS OF THE MILITARILY CRITICAL TECHNOLOGIES LISTRecommendation #1.Delete the requirement to protect research outside of the classification process (e.g., eliminate CRT), and reorient the Directives' focus toward protecting critical technologies (as required by enclosure (2)). This would ensure that the Directives are in conformance with national and DoD policy, as well as avoid the possibility of criminal sanctions being brought against individuals publishing unclassified research. This reorientation also raises the option of using the Militarily Critical Technologies List (MCTL) as a vehicle to accomplish the goals of the CI/Security community (see following section).
MCTL确定了新兴的军事至关重要的技术。实际上,MCTL过程审查了6,000多种技术,并确定了2个军事重要的技术,然后将其输入到MCTL数据库中。总共选择了656个对军事至关重要的选择。简而言之,MCTL过程似乎可以确定CI/安全社区寻求保护侵害的技术。
Example.MCTL标识“自动目标识别(ATR) Algorithms" as an emerging militarily critical technology. Two pages in the manual are devoted to explaining the technology, its applications, and why it is important. A worldwide technology assessment is included, which shows the U.S., United Kingdom, Sweden, and France to be leaders, with China and Russia engaging in limited R&D. Finally, a list of countries and their respective organizations conducting this work are identified. The U.S. sites engaged in ATR algorithms include the Massachusetts Institute of Technology, Boeing, Air Force Research Laboratory, Washington University, Naval Research Laboratory, Raytheon, University of Missouri, SRI, Carnegie Mellon University, Lockheed Martin, etc.
The general features of the MCTL process are as follows.3基于这些功能,MCTL过程似乎是提出数据库的成本效益替代方法。实际上,国防安全局(DSS)反情报办公室使用MCTL编译其年度报告“美国国防工业的技术收集趋势”。它的2000年报告指出,“ DSS文件并审查了MCTL所描述的类别中对美国国防技术的利益”。4 DSS CI办公室的使用表明,MCTL可能满足CI/安全社区的目标,收集和传播相关威胁数据以适当的RDT&E设施人员。
- The process is a systematic and ongoing assessment of technologies to determine which technologies are militarily critical.
- Technologies are selected by working groups of technical experts from government, industry and academia.
- 确定了这项工作的国内表演者,包括政府实验室,工业公司和大学。
- 确定了在同一领域进行工作的其他国家,并评估其工作程度。
3http://www.dtic.mil/mctl/
4国防安全服务,“ 2000年美国国防工业的技术收集趋势”,第4页。
However, if the MCTL has inadequacies that lead to doubts about its efficacy, perhaps DoD's resources would be better spent modifying the MCTL process instead of creating a new and duplicative process. Moreover,避免不必要的投资成本将达到美元(AT&L)业务倡议委员会(BIC)的目标,该委员会将确定和实施允许将储蓄重新分配给更高优先事项的商业改革。Recommendation #2.Consider the MCTL as a cost-effective alternative to the proposed ASD(C3I) Horizontal Assessment and Protection Database (HAPD). If the HAPD is already in existence, then evaluate the merits of pursuing its elimination as a cost-reduction initiative under the auspices of the USD(AT&L) BIC.
C. CRT的定义足够广泛,可以包括所有防御RDT&eCRT5is defined as "RDT&E information identified and prioritized by site directors and managers that可能(emphasis added) be important to maintaining the U.S. warfighters' operational advantage when the resulting capability becomes part of a future DoD acquisition program or system." (Encl. 3, p. 12)
5Before the CI/Security community decided to call it Critical Research Technology, the designator went through many evolutions: Critical Research Information (12 July 00), RDT&E Information (26 July 00), Critical Technology (6 September 00), and Critical Research Information and Technology (23 October 00). The almost interchangeable manner in which the terms research and technology are used here, in the Directives, and in the ASD(C3I) memo, suggest the possibility that the CI/Security community does not fully understand what it seeks to control.
该定义足够广泛,可以应用于所有DOD资助的工作。希望所有由国防部资助的RDT&E“对于维持美国战士的运营优势可能很重要”。从逻辑上讲,该定义的措辞以仅排除RDT&E的方式will notbe important. Moreover, in a competitive budget environment, there will be a strong propensity for managers to designate their projects as critical. To manage work that is not critical is to risk having your funding cut for work that is.由于这些原因,与MCTL的系统,专家驱动的过程相比,为HAPD收集的CRT数据可能会少得多。
Recommendation #3.使用MCTL识别候选CPI并将CPI的使用仅在6.4及以上扩展到非S&T项目(围栏中的每个DEPSECDEF指南(2))。
D. THE CASE FOR CHANGING CURRENT RESEARCH PROTECTION POLICY LACKS CREDIBILITYPerhaps the key question is--what event(s) have occurred that support more rigorous control of scientific information than the security measures used during the Cold War?ASD(C3I)备忘录的外壳(5)基于CI/安全界的论点,以更严格的研究保护:
But in all five cases the stated concern is technology, not research.The CI/Security community has clearly not made a credible argument to support strict new measures beyond existing national policy codified in NSDD 189-- which is to use the classification process when a need arises for protecting scientific information.
- Three classified reports in 1994 detailing the loss oftechnologies(添加了重点)在RDT&E社区(Encl。5,p.2)。
- 2001年11月的GAO致Secdef的信列举了国会任务,以评估国会,“美国为限制外国国家访问的努力sensitive echnologies(强调)…" (Encl. 5, p.3)
- Executive Order 13222 that stated, "the unrestricted access of foreign parties to U.S.商品和技术(强调)…构成一个不寻常的和extraordinary threat to national security, foreign policy, and the economy of the U.S." (Encl. 5, p.3)
- 第310条修订了1950年的《国防生产法》,“国防部长应确定关键组件和关键技术项目(emphasis added) for each item on the Critical Items list of the Commanders-in-Chief... " (Encl. 5, p.3)
- CI检查确定了RDT&E网站的实践,这些检查将提高DOD保护双重使用和领先优势的能力military technologies(强调)…"(Encl. 5, p.2)
AN OLD DEBATE
The question of how far to go in protecting research was debated throughout the Cold War. In an article published in the华尔街日报in 1982, Secretary of Defense C. Weinberger stated that the Soviets had "organized a massive, systematic effort to get advanced technology from the West." ADM B. Inman, then Deputy Director of the CIA, followed that article by suggesting to an American Association for the Advancement of Science (AAAS) conference that the scientific connnunity should be more cooperative by voluntarily submitting research results to prepublication review by appropriate government agencies.
In the wake of those remarks, a study sponsored by the DoD, National Science Foundation, AAAS, and National Academy of Sciences, was conducted to examine the relationship between scientific communication and national security in light of the growing concern that foreign nations were gaining military advantage from such research.6Two central conclusions of the "Corson Study" were as follows.
“美国的技术领导力在很大程度上是基于科学基础,其活力反过来取决于科学家之间以及科学家和工程师之间的有效沟通。因此,通过限制信息流来实现的短期安全性是在购买的价格。”
另一份国防部报告也表达了类似的发现。"In the view of the Panel, security by accomplishment may have more to offer as a general national strategy. The long-term security of the U.S. depends in large part on its economic, technical, scientific and intellectual vitality, which in turn depends on the vigorous research and development effort that openness helps to nurture."
6National Academy of Sciences, "Scientific Communication and National Security" (1982), p. ix. Study members included Dale Corson, Chairman, (at that time President Emeritus, Cornell), James Killian (former Presidential Science Advisor), Wolfgang Panofsky (former member President's Science Advisory Committee), William Perry (former SECDEF), and Samuel Phillips (former Director, NSA).
"A vast and growing amount of important work is being done by scientists in all countries. This is grist for our technological mill, and we can substantially benefit by making possible the free interchange of ideas, by publication and in person...Nor can we ignore the fact that maintenance of communications of research findings with other countries, including Russia, can be highly beneficial to advancement of scientific knowledge(添加了强调)。"7
第二份报告强劲的倡导的科学openness, in particular with Russia, sounds like post-Cold War policy. Instead, the above quote is from a briefing given before the National Security Council (NSC) on 31 May 1956--less than seven months after the Soviet Union's first successful test of an aircraft-dropped hydrogen bomb.7Office of the Assistant Secretary of Defense (Research and Development), "Maintenance of Technological Superiority: Presentation Before the National Security Council," (31 May 1956).
It is interesting to contrast the tone of those two Cold War reports with that of the ASD(C3I) memorandum, which states:
"based on their ongoing open exchange relationships and shared methodologies with foreign scientists, the RDT&E community may be reluctant to be accountable for actions / inactions to protect leading edge military research... (Encl. 5, p.3)"
SUMMARY当有明显且当前的危险时,进行了1982年的科森研究和1956年的NSC简报。即使在紧迫性的气氛中,国防专家也没有理由放弃美国对“通过成就安全”作为S&T环境的战略的依赖。因此,可以强有力地说,最好通过保持国家安全来维持国家安全通过成就安全andsecurity by control.前者是DOD的S&T流程的适当策略,后者对系统开发,获取和商业生产的后续阶段有效。
考虑到这种平衡,本文提供的三个建议旨在:
通过纳入本文的建议,指令将通过以下方式符合上述目标:以适当的方式保护研究,以符合NSDD 189中编纂的国家政策;实施以前的DepSecdef Hamre的指令,以将CPI的使用扩展到非S&T计划中;并考虑将MCTL(已被CI/安全社区广泛使用)作为拟议ASD(C3I)数据库的具有成本效益的替代方法。此外,如果发现ASD(C3I)数据库具有显着重复,那么USD(AT&L)BIC可能会探索它作为节省成本的领域。
- Support the commitment of the USD(AT&L), ASD(C3I), and DOT&E, to protect research and technology critical to national security, and achieve coordination of the Directives within 30 days,
- Help meet the CI/Security community's legitimate and important need to target, collect, and disseminate relevant threat data to appropriate RDT&E facility personnel,
- Explore existing means of meeting the CI/Security community's needs, and
- Ensure that defense S&T will not be harmed by measures designed to protect it.
相比之下,如目前所写的 - ASD(C3I)指令:在需要保护研究时规定使用分类过程的国家政策与国家政策相矛盾;与现有的DEPSECDEF政策相矛盾,该政策专门禁止控制“清单”8for S&T projects; propose a database that appears to duplicate the functions of the existing MCTL, which is used extensively by the CI/Security community; and create the possibility for criminal sanctions to be brought against individuals publishing unclassified research.
8与OIPT的会员和工作人员的讨论证实,DepSecdef的禁令扩展到任何列表。在DepSecdef备忘录时,CPI是用于ACAT程序的指定人员;CRT was developed by the CI/Security community well after the DEPSECDEF policy was established on 17 February 2000.
如果以目前的形式获得批准,则可以预期这些指令对美国大学,工业中心和军事实验室进行的国防研究产生令人不寒而栗的影响。
Don J. DeYoung
美国海军研究实验室
Washington, D.C.
2002年4月2日