Assessing & Managing Risk
Defense Technology Security Reviews
Technology Review of Munitions and Dual-Use Export Licenses
DTSA reviews requests to export munitions items under the licensing authority of the Department of State and dual-use items under the licensing authority of the Department of Commerce. Important factors in the review include an assessment of the technology proposed for export, the completeness of the license application, the accuracy and consistency of the technical information, the details of the transaction, the appropriateness of the technology for the proposed end use, the bona fides of the end user, and any risks to national security associated with the transaction. DTSA has implemented rigorous internal controls and processes to ensure provisos and limitations imposed on the transaction are consistent with DoD policy and technology security objectives. The DTSA staff works closely with industry, the interagency, our international partners, and with DoD stakeholders, to resolve complex technology transfer issues and ensure national security objectives are met.
Technology Control Plan
DTSA may impose requirements for a technology security plan (TSP) or technology transfer control plan (TTCP) during the review process to mitigate risks associated with an international transfer conducted via a Direct Commercial Sale (DCS) or Foreign Military Sale (FMS). TSPs and TTCPs help organizations and/or foreign recipients establish the plans and procedures that foster compliance with export laws, regulations and license provisions. Industry often refers to a TSP for internal, company-specific plans and procedures, and a TTCP when referring to a document submitted to the U.S. Government in order to meet licensing requirements imposed by the U.S. Government. A TTCP is mandatory under the law for the provision of defense services involving the integration and launch of a satellite from a non-NATO+ country. An accountability plan is usually imposed to ensure the applicant is confident that the end user or customer has a process in place to account for and use the export-controlled items as stated in the approved license. The most common plan is a parts accountability and control plan used to account for the use of radiation-hardened or radiation-tolerant parts. A complete plan typically addresses the following topics:
- Responsible POCs in the organization for security and/or export controls
- Training requirements for U.S. and foreign personnel
- Internal processes and procedures to ensure compliance with license provisions
- Access controls for foreign nationals
- Internal processes and procedures for appropriate marking, accessing, and storing of documents (e.g. ITAR, classified, sensitive, proprietary, etc.)
- Processes and procedures for obtaining approval to transfer or release information
- IT security measures for protection of infrastructure and data
- Description of integration and launch operation security for satellite-based activities
- Handling and accountability of damaged or destroyed parts
- Foreign participant roles, responsibilities, and interactions, foreign locations and activities
- Identification of technical data to be released and/or defense services provided with specific prohibitions
This documentation helps industry understand the scope of an approved transfer and control mechanisms that mitigate risk of unauthorized release.
End User Checks
In order to mitigate risk associated with an international technology transfer, it is important to understand who is receiving the U.S. technology and verify the bona fides of the end user and other foreign parties to the transaction. DTSA performs end user checks as part of the technology transfer review process in order to provide a more complete picture of the nature of the transaction and the potential risks to national security that may result from unauthorized use, proliferation, or diversion. The track record of the foreign recipient and effectiveness of the export controls in the country of destination are considered during the process of preparing a recommendation for approval and appropriate provisions or limitations for an export license. End user checks provide information that is used by licensing analysts, technical reviewers, and senior decision-makers in the license review process to mitigate technology transfer risk. This information is important for tailoring the licensing conditions to best fit the given transaction rather than imposing a one-size-fits-all approach that may be over-restrictive in some cases and under-restrictive in others.