UNCLASSIFIED Foreign Ownership Control or Influence FOCI August

UNCLASSIFIED Foreign Ownership, Control, or Influence (FOCI) August 2009 UNCLASSIFIED

UNCLASSIFIED (U) Scope of the DSS Security Mission Oversee National Industrial Security Program Integrate Counterintelligence • 4, 242 CI Suspicious Contact Reports (FY 09 YTD) • 421 Intelligence Information Reports (FY 09 YTD) • 14, 537 personnel received Counterintelligence Threat Awareness Briefings (FY 09 YTD) • 6 IS Reps are signed up to take CI Fundamentals course at JCITA • 3 IS Reps are signed up to take the CI Research Development & Acquisition Course at JCITA • Enhancing relationship with LE/CI Communities 12, 801 active, cleared facilities in NISP Clear and inspect facilities • 9, 100 inspections (FY 08) • 1, 791 new facility clearances granted (FY 08) • 14, 355 accredited systems in industry Adjudicate Industry Security Clearances (DISCO) • More than 1 M cleared contractors (June 30) • 180, 600 Personnel Security Adjudications (FY 08) • 13 days average to process all initial clearances by IRTPA measures Fund NISP Personnel Security Investigations • $224. 88 M beginning NISP PSI funds (FY 09) • Estimated $159 M expended as of June 27 Provide Foreign Ownership, Control or Influence mitigation/international 675 FOCI facilities • 252 FOCI mitigation agreements • Support to 65 Foreign Countries • NISP Support to 23 Government Agencies • Provide information technology services 100, 000+ worldwide users • 6 Legacy Security Systems • 6 System Enhancements in Development • 5 New Initiatives in Planning Phase • Renewed Emphasis on IS Automation • Transition PSI security systems Secure Industrial Base Deliver security education and training Do. D & NISP Functional Manager • 64, 778 students trained to date (FY 09) • 53, 569 students trained (FY 08) • 400% increase over FY 04 -2 -

UNCLASSIFIED (U) DSS Goals Strengthen and refocus DSS on NISP and SETA Programs and ensure effective oversight/management of NISP Oversee National Industrial Security Program § Reduce ratio of industrial security professionals to cleared facilities § Enhance current Facilities of Interest List with additional CI and other risk factors § Establish professional development and certification program for Industrial Security personnel § Enhance current internal industrial security information management system Integrate Counterintelligence § Strengthen Counterintelligence in industry § Facilitate industry access to threat information § Continue to integrate CI into Industrial Security Program § Continue staff augmentation to tailor and expand CI services to Cleared Defense Contractors, § Continue Counterintelligence and Law Enforcement Interagency community outreach Provide information technology services Provide Foreign Ownership, Control or Influence mitigation/international § Transfer legacy systems associated with personnel security function § Retain Industrial Security Facilities Database (ISFD) and Electronic Network Registration and Online Learning (ENROL) and develop next generation system § Enhance Foreign Ownership, Control or Influence (FOCI) analytic branch to ensure proper reporting and develop trends in FOCI § Develop financial analysis cell to assess FOCI by foreign investment entities § Refine processes in the FOCI and International Branches § Develop policies and procedures for DSS overseas presence Deliver security education and training § Continue creation of web-based training § Address Stakeholder training by updating courses § Professionalize the security career field across Do. D -3 -

UNCLASSIFIED (U) National Industrial Security Program Authorities/Responsibilities Executive Order 12829, National Industrial Security Program (NISP), defines authorities & assigns responsibilities. Purpose is protection of classified information released to contractors. National Security Council (NSC) provides overall policy direction. Information Security Oversight Office (ISOO) • Implementation and oversight • Chairs NISP Policy Advisory Committee (NISPPAC) Do. D is the Executive Agent Responsible for: • Issuance/updating NISP Operating Manual (NISPOM) • Operational oversight (except ODNI/CIA, DOE, NRC) DSS is the Do. D Cognizant Security Office • Administers NISP on behalf of Do. D and 23 non-Do. D agencies • Clears companies and their employees • Conducts oversight UNCLASSIFIED

UNCLASSIFIED (U) Basis for FOCI Oversight and Compliance Federal Acquisition Regulations • Require government contracting activities to insert a Security Clause (FAR 52. 204 -2) whenever a contract requires access to classified information. • Security Clause requires contractors to protect classified information in accordance with standards established in NISPOM. Do. D Security Agreement • As prerequisite for facility clearance (FCL), Do. D cleared companies execute Do. D Security Agreement. • Agreement allows for termination by either party with 30 days notice. • By executing Do. D Security Agreement, companies agree to: • Implement protection standards for industry established in NISPOM. • Allow Do. D to conduct compliance inspections (Unsatisfactory rating can lead to FCL revocation). Key NISPOM Requirements • Reporting of material/significant changes to information provided by company on Certificate Pertaining to Foreign Interests, SF 328. • Report when entering into “Discussions, consultations or agreements” that may lead to acquisition by a foreign interest. • Companies must agree to an acceptable FOCI mitigation measure prior to closing of foreign acquisition or suffer invalidation (invalidation of the FCL automatically renders a contractor ineligible to bid on new classified contracts or to receive new classified material). UNCLASSIFIED

UNCLASSIFIED (U) FOCI and CFIUS • Parallel but separate - “The Committee on Foreign Investment in the U. S. (CFIUS) review and the FOCI review are carried out in two parallel but separate processes with different time constraints and considerations. ” • Narrower scope - “A U. S. company is considered under FOCI whenever a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of the U. S. company’s securities, by contractual arrangements or other means, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts” • Recurring Oversight – DSS conducts annual inspections of 252 companies cleared under FOCI mitigation agreements (675 cleared facilities, includes branches, subsidiaries). (Source: NISPOM 2 -310 b, 2 -300 a) UNCLASSIFIED

UNCLASSIFIED (U) FOCI Adjudication DSS considers the following factors (in relation to the company, the foreign interest and the government of the foreign interest) in the aggregate to determine if a company is under FOCI, its eligibility for a clearance, and the protective measures required: • Record of economic and government espionage against U. S. • History of cooperation on technology transfer • Type and sensitivity of information that will be accessed • Source, nature and extent of FOCI • Company’s record of compliance with U. S. laws, regulations, and contracts • Nature of bilateral or multilateral security agreements with the foreign government • Foreign government ownership or control (Source: NISPOM 2 -301) UNCLASSIFIED

UNCLASSIFIED (U) FOCI Mitigation Agreements: Use depends on extent and nature of FOCI • Board Resolution (BR) • Foreign interest has minority ownership insufficient to elect board members • BR identifies foreign shareholder and security requirements • No access limitations • Security Control Agreement (SCA) • Foreign interest has minority ownership sufficient to elect board members • SCA requires 1 -3 disinterested, cleared, U. S. citizen Outside Directors • No access limitations • Special Security Agreement (SSA) • Foreign interest has majority ownership and effectively controls company • SSA requires 2+ disinterested, cleared, U. S. citizen Outside Directors • Access to Proscribed Information* requires a National Interest Determination • Proxy Agreement (PA) • PA requires foreign interest to convey most voting rights, independence • Requires cleared, disinterested, U. S. citizen proxy holders • No access limitations • Voting Trust (VT) • VT requires foreign interest to convey legal title, independence • Requires cleared, disinterested, U. S. citizen trustees • No access limitations * Proscribed Information includes Top Secret, COMSEC, RD, SAP, or SCI UNCLASSIFIED (Source: NISPOM 2 -303)

UNCLASSIFIED Questions? -9 -