NOVEMBER 1, 2019 – The loss of technology to strategic competitors has a direct effect on the joint force’s lethality, the director of the Defense Department’s Protecting Critical Technology Task Force said.
And while those technology transfers — some legal and some not quite — are almost always unwanted, they’ve certainly been enabled by a lack of U.S. attention on stopping them, Air Force Maj. Gen. Thomas E. Murphy said during an Association of the U.S. Army forum on Russia and China.
“We are in a competition,” Murphy said. “China and the others are stealing our stuff, and it is causing the erosion of the lethality of the joint force.”
China, in particular, is employing a comprehensive national strategy to acquire critical U.S. technologies through both licit and illicit methods, the general said.
“They are pretty good about it,” he added. “They are unrelenting in hacking our businesses, both big and small. It’s no wonder why their stuff looks remarkably like ours. Look at their airlifter and their newest fighter. It looks just like a C-17 and an F-35. That’s not a coincidence. We’ve unwittingly become the [research and development] base for adversary capabilities and for our strategic competitors.”
Murphy’s task force, stood up about a year ago, has been tasked with stopping the exfiltration of critical U.S. technology to adversaries. A big part of that, he said, starts with identifying what that critical technology is, “If you protect everything as if it’s critical, we protect nothing very well,” he noted.
The task force now has a list that lays out critical programs and technologies, he said, and it is is ensuring those technologies are prioritized and tiered and that protections for that technology are based on the level of criticality.
If, for example, artificial intelligence technology is considered a “Tier 1” technology — the most critical level — he is “going to mandate a lot of things for you to do to protect it cyber-wise, personnel security, operational security, physical security, and the whole nine yards,” he said.
For those that develop and handle defense technology, he said, the systems that process information related to that technology must be secure enough to withstand intrusion from adversaries.
A recent audit shows many companies don’t have even the most basic of cyber security controls in place, the general said. The Defense Department is working on cybersecurity maturity model certification, or CMMC, for potential technology partners that would rate their readiness safely process and store important technology information, he added.
This will have five levels, he explained. To get contracts to do technology work for the DOD, he said, industry or academia would need to achieve the CMMC level commensurate with the nature of the work.
“So up your game, and get your cybersecurity in order,” he said.
Security will also need to be built into the acquisition process from the onset, he said. Program managers tend to focus on cost, schedule and performance when it comes to contracts, he noted, not the company’s ability to keep the technology it will be developing secure.
“I don’t believe today that we sufficiently consider security when determining with which companies to do business,” Murphy said. As a result, he added, there is limited financial incentive for companies to get more secure.
“We’re changing that as well,” he said. “We’re going to work through a series of initiatives to elevate the importance of security to ensure that it’s as important as cost, schedule and performance.”
The department must ensure industry and academia do a better job of knowing who is working with critical defense technology — where their allegiance lies and who they really work for, Murphy said.
“China devotes significant resources at a national level to infiltrate our universities and our labs,” he said. “And they are doing it for a reason. They’ve even coined the phrase … ‘Picking flowers in the U.S. to make honey in China,’ which I would say perfectly illustrates their deliberate plan to steal R&D, knowhow and technology to advance their military capability. They are not even hiding it.”
Researchers shouldn’t be getting paid both by the U.S. government and a foreign government at the same time, Murphy said, and competitors shouldn’t be allowed into labs where new technology has been developed.
“We can’t let our competitors into a lab where a breakthrough advance is discovered only to have them take it back to their country to advance their military capabilities,” the general said. “We must know if you are a member of a foreign talent program. If we don’t ask the questions, we’re never going to know.”
A completely legal way adversaries get U.S. technology is to simply buy it, Murphy said. “This is why we are working to strengthen our ability to stop the unwanted transfer of defense-related technology,” he said. “We need to do a better job of closing the export control loopholes, and getting ahead of these business mergers and acquisitions.”
Doing nothing, Murphy said, might mean “the lethality of the joint force is diminished to a point that is irreparable.”
BY C. TODD LOPEZ