The U.S. Department of Defense is failing to adequately maintain its main reference list of vital defense technologies that should be banned from export, despite rules requiring its use and upkeep, according to a new report from the Government Accountability Office (GAO).

The Militarily Critical Technologies List (MCTL) is “outdated and updates have ceased,” the GAO found in a report released this week. The list was intended as the DOD’s main resource for tracking sensitive technology and preventing its export to foreign nations or entities. But the government agencies charged with using the list say it is too broad and out-of-date to be of much use and have long since abandoned it. Now budget cuts to the program that maintains the list are forcing export control officials in the government to use alternative information sources and informal “networks of experts” to tell them what technologies are in need of protection, GAO found.

The Militarily Critical Technologies List (MCTL) is one of two lists, along with the Developing Science and Technologies List (DSTL), that the military uses to identify technologies that are critical to national defense and that require extra protection. The lists inform U.S. export control decisions, but also serve a lager role as resources to inform security decisions, including counterintelligence activities, research plans, and technology protection programs, the GAO noted in a 2006 report.

Among other things, the MCTL is an important component of a DOD anti-tamper critical technology tool, which is used to determine the best way to protect the most valuable military assets from tampering when exported or lost in military missions. The MCTL also informs the DOD’s monitoring of industrial espionage activities, including foreign governments targeting U.S. technologies, GAO said.

Despite that, the two lists have been the subject of critical reports in the past. The 2006 GAO report concluded that the DOD Militarily Critical Technologies Program’s process for updating the MCTL and DSTL relied on volunteer groups of subject experts from government, industry and academia, resulting in “lists that are of questionable value”

More than six years later, little has changed. The GAO’s new report, “Protecting Defense Technologies: DOD Assessment Needed To Determine Requirement For Critical Technologies List” (GAO 13-157) finds that the situation has only worsened. Among other things, the GAO said the List’s sections on emerging technologies is outdated and that sections of the MCTL haven’t been refreshed since 1999.

At its roots, the MCTL and DSTL projects are suffering from funding cuts to the project’s $4 million budget to just $1.5 million in 2011. Since then, the DOD has ceased updating the MCTL, withdrawn a public version of the list from the Internet, and warned those within the DOD that the MCTL shouldn’t be considered authoritative because it hasn’t been updated.

Today, the MCTL is no longer used to inform export decisions–the original purpose of the list. Instead, Department of Commerce officials who give guidance on the criticality of technologies as part standard reviews of export license determinations and foreign acquisitions of U.S. companies make those decisions based on consultation with “their own network of experts” in the Departments of State, Defense and Energy, GAO found.

Other DOD programs to protect critical technologies need a technical reference such as the MCTL and have integrated the list to help inform decision-making, and are not left looking for alternatives, including the development of program-specific technical references – a duplication of effort that could complicate the military’s effort to monitor sensitive technology.

GAO found the DOD caught in the middle with the MCTL – the Department has moved on without the MCTL. Citing fears about its reliability, the Department of Defense now consults resources like the Commerce Control List, Missile Technology Control Regime Munitions List, and Wassenaar Arrangement Dual-Use and Munitions List for details on sensitive technologies. Officials in the Departments of Commerce and State have done the same – albeit without coordinating those efforts with each other.

However, a variety of other vital programs and other military branches still rely on the MCTL’s accuracy. They include DOD anti-tampering and counter-espionage programs.

That leaves DOD caught in between – legally required to maintain the MCTL, but unwilling to expend the money and time needed to bring it up to date. GAO said that the DOD should either ask for Congress to free it of the requirement to maintain the list, or consult with those who rely on the list, determine their needs, then spend the resources to make the list work.

“You’re not doing this in a vacuum,” said Belva Martin, Director of Acquisition and Sourcing Management at GAO. “DOD should figure out who needs it and what its purpose is.”