by C. Todd Lopez, U.S. Department of Defense
Adversaries shouldn’t already have read the manual on a new U.S.
gun before the first soldier has had a chance to fire one, William
Stephens, Director of Counterintelligence for the Defense
Security Service said on
April 24, 2019.
“We are in a very highly contested
environment, with our opponents quite successfully taking our
stuff,” William Stephens said at a forum on supply chain security
and software at the Center for Strategic and International Studies,
noting that U.S. intelligence analysts and other sources support
Stephens spoke on the importance of
delivering and how to deliver “uncompromised” technology and
capability to the warfighter.
What that means in practical
terms is that when new technology arrives in warfighters’ hands, the
only people who should know how it works, what it does and what its
limits and capabilities are ... include the defense contractor that
built it, the military service that paid for it, and the service
member who’s going to use it.
A soldier uses a touchscreen computer inside a joint light tactical vehicle on February 12, 2019. (U.S. Department of Defense photo by Sean Kimmons)
Techniques adversaries use to figure out new U.S. technology
before soldiers or airmen get a chance to use it vary greatly, he
said, but include such things as exploitation of relationships in
the technology community -- such as at conferences and trade shows —
as well as email and mail, surveillance, exploitation of cyber
operations, exports or supply chains, and even insider access and
Americans pay for a lot of technology to
support the warfighter, Stephens said, and when that technology is
compromised before the warfighter is able to use it, Americans lose
out on their investment. But the biggest threat from compromised
technology, he added, is to warfighters themselves.
nations, Stephens said, are “exceedingly well-focused on coming
after American technology, and that’s got to stop.”
Delivering Uncompromised Technology
How can the Defense Department improve upon its ability to
deliver uncompromised technology to warfighters? Stephens said that
might include telling program managers at the beginning of a program
they need to deliver a technology uncompromised. That directive is
passed down to a prime contractor who will develop the technology.
The contractor must operate at a “certain state of care,” and that
certain state of care, which could be established “legally as a
If a company is operating at that state of care, Stephens said, it
can achieve “safe harbor” status, which protects it from litigation.
While it will never be 100 percent possible to prevent adversaries
from taking U.S. technology, contractors will be able to show they
are doing their best to protect technology development from
compromise. “They aren’t expected to be magic, but they are expected
to operate with a significant capability,” he said.
technology is compromised and a company is determined to be
responsible for the loss, it may have safe harbor if it had been
operating at the legally defined “appropriate state of care,”
Stephens explained. If the company was not operating at the
appropriate state of care, then it may be exposed to litigation and
Americans can get back some of their investment.
said it’s possible that insurance markets might grow up around this
concept, where companies that are good at establishing and
maintaining that state of care will pay lower premiums than those
The extensive security needed to provide
uncompromised technology is expensive, Stephens acknowledged, and he
suggested that small businesses that want to provide technology to
the military might be offered tax breaks or low-interest or
no-interest loans to help.