The Defense Department hasn't kept close enough watch over the contractors working on its most important aircraft program, the Joint Strike Fighter. And as a result, "the advanced aviation and weapons technology for the JSF program may have been compromised," the Department of Defense's Inspector General notes in a report, obtained by the Project on Government Oversight.

The Pentagon is working with eight other countries to build a single, stealthy, single-engine fighter that is supposed to be a low-cost replacement for a huge variety of aircraft – the A-10, F-16, F/A-18, even the British Harrier jump jets. More than 2,400 JSFs are planned over the next several decades, at a cost of $337 billion.

But monitoring the 1,200 contractors working on the planes has proved to be a herculean effort for the Pentagon's Defense Security Service, or DSS. The Inspector General's report doesn't list any specific cases of classified information breaches. But it does state, repeatedly, that the DSS cut regulatory corners, meant to protect the stealth jet's secrets. "DoD [Department of Defense] did not always employ sufficient controls to evaluate and correct potential unauthorized access to classified U.S. technology," the report observes.

In particular, the audit found problems with how the Defense Department oversaw BAE Systems, the London-based arms-maker. Defense Security Service officials conducted security reviews at BAE Systems facilities. But the didn't bother to check up on the company's internal audits – reports that would have "help[ed] the Defense Security Service to evaluate and address potential security weaknesses at BAE Systems, the primary foreign-owned contractor supporting the strike fighter program."

For example, the report notes, the Defense Security Service:

did not obtain and assess... at least [redacted] BAE

Systems’ reports discussing over security weaknesses in controls over classified technology at BAE Systems facilities for 2004 and 2005; *

*did not identify [redacted] percent of the security weaknesses identified by BAE Systems when both audited the same facilities; and *

established an unauthorized policy of discarding security reports after 2 years, thereby preventing our verification of the resolution of security weaknesses identified in 2001, 2002, and 2003. *



In fact, BAE Systems appeared to reject requests for the security reports, saying that "all information contained in the internal audits was privileged and not available to the Government, despite the requirement in the SSA [Special Security Agreement] that the contractor submits those reports to DoD [Department of Defense] for review and appropriate action. DSS

did not challenge BAE Systems' claim that the internal audits are privileged and not subject to Government review. Rather than treating contractors' audit reports as useful tools to complement the industrial security assessments, DSS classifies all contractor reports as "routine correspondence" and destroys them after two years.

"How can the Pentagon security agency allow BAE, its contractor, to deny access to these security records?" Nick

Schwellenbach, a Project on Government Oversight national security investigator, asked in a statement. "This is government information and

BAE is stiff-arming the Pentagon."

UPDATE: "DSS has a thorough and fundamentally sound facility inspection process which was only marginally diminished by the failure to systematically collect, analyze, and retain BAE's required reports," Director Kathleen Watson said in her response to the Inspector General. "While we regret that BAE's internal and independent reports weere not available for the audit team to review, DSS has since taken action to resolve this shortcoming."

But it sounds like that wasn't the only deficit the agency had to make up. This DSS outfit has been in bad shape for a while, a recent House Armed Services Committee hearing revealed:

REP. IKE SKELTON: You stated that the Defense Security Service was underfunded and understaffed when you first arrived. That was two years ago. Is that correct? KATHLEEN WATSON, DSS DIRECTOR; Yes, sir. REP. SKELTON: Do you have enough staff today? And are you fully funded today, to do your job? MS. WATSON:

I'm fully funded to do my job. We've had an increase in our budget in the last year of $80 million, which is substantial. We are not properly resourced yet in terms of personnel because of the hiring process in the department... REP. SKELTON: How short are you as we speak in staff? MS. WATSON: Well over a hundred. REP. SKELTON: What's your total number of staff members? MS. WATSON: Total DSS is about 750, give or take a few positions... REP. VIC SNYDER: Ms. Watson,

I had a couple questions I wanted to ask you. In the GAO [Government Accountability Office] statement, on page 2, it says – talks about your-alls files on contract and facility security programs and the security violation, that says, "Further, the manner in which this information was maintained, geographically dispersed paper-based files, did not lend itself to this type of analysis." Y'all have paper-based files? MS. WATSON: We did. REP. SNYDER: Why? *MS. WATSON: The agency has been under-resourced for approximately 20 years.We now have a database, the Industrial Security Facilities Database, that we use. It's not a system that I would call the system of the future. It's what we have now. *(emphasis mine)

[Photo: USAF]

ALSO: