Science and Technology (S&T) Program Protection
Maintaining Technology Advantage (MTA)
The Science and Technology Program Protection Office's Maintaining Technology Advantage (MTA) Directorate leads Department of Defense (DoD) efforts to balance the promotion and protection of critical and emerging technologies (C&ET) throughout the technology development lifecycle. These MTA efforts ensure that the U.S. maintains worldwide leadership in C&ET, which are foundational to the unquestioned superiority of the American joint forces. MTA collaborates closely with the other elements of the National Security Innovation Base (NSIB) - to include the Military Services, other DoD offices, the U.S. defense industry, and the U.S. academic/research enterprise - to identify and implement best practices, policies, mechanisms, strategies, and standards that protect U.S. technological advantage, foster U.S. technological development, and mitigate exploitation by strategic competitors. The following sections highlight major MTA initiatives and lines of effort.
MTA develops proactive S&T protection measures, such as Technology Area Protection Plan (TAPP) policy and guidance, to help protect C&ET. TAPPs further DoD S&T protection goals by:
-
- Instituting a common understanding of DoD terminology and protection approaches for select C&ET
-
- Providing a strategy to establish and apply appropriate protection methods for C&ET
-
- Ensuring that DoD S&T organizations have the most updated protection information and policies regarding their C&ET research
-
- Facilitating the application and transition of early prevention/safeguarding measures from the early research and development stage to later acquisition stages
MTA manages the JAPEC to help DoD and the Federal Government proactively combat strategic competitors who seek to undermine U.S. technological advantage. JAPEC's counter-exploitation and technology protection activities include:
-
- Identification of controlled technical information and synchronization of its protection
-
- Mitigating vulnerabilities
-
- Countering strategic competitor exploitation of DoD missions, programs, and technologies
-
- Coordinating the annual development of the Critical Programs and Technologies (CP&T) List
-
- Managing the development, implementation, and impact assessments for DoD CP&T enhanced technology protection measures
-
- Collaborating with counterintelligence, law enforcement, security, and technical stakeholders on National Security Innovation Base (NSIB) protection and promotion activities
MTA oversees the DoD DAMO, which provides assessments and resources to inform Department stakeholders of potential compromises to controlled unclassified information (CUI) and DoD capabilities from cyber intrusions, and then recommends mitigation actions to protect U.S. military advantage. DAMO functions include:
-
- Providing comprehensive, predictive assessments of potential damage to the current and future superiority of American joint forces resulting from a potential loss of DoD technical information
-
- Aligning individual Service DAMO functions with the Defense Industrial Base Cybersecurity Program
-
- Integrating cyber incident reporting compiled by the Defense Cyber Crime Center and other sources
MTA supports NSIB technology protection efforts by using various tools and mechanisms to identify and close security gaps, foster domestic technology development, and mitigate threats posed by foreign ownership, control, and influence. MTA protects U.S. entities by:
-
- Providing technical assessments that inform DoD feedback on Committee on Foreign Investment in the United States (CFIUS) cases
-
- Reviewing requests for export licenses
MTA develops analytic tools and capabilities and incorporates them throughout the technology development lifecycle to promote and protect C&ET. MTA data efforts that give DoD an "information advantage" include:
-
- Integrating data to proactively identify and protect emerging technologies early in the technology development lifecycle
-
- Enabling decision-making dominance across the entire MTA mission set, including a data-driven prioritization of DoD resources for comprehensive technology protection
Document Library and Resources
This section provides DoD-authored policies on academic and NSIB protection for stakeholders in the academic and research communities.
Policy on Risk-Based Security Reviews of Fundamental Research: In accordance with National Security Presidential Memorandum - 33, the Under Secretary of Defense for Research and Engineering signed out a policy on June 8, 2023 that requires all fundamental research projects that are selected for award by the Department to go through a review for potential conflicts of interest and conflicts of commitment arising from foreign influence.
USD(R&E) Memorandum, "Collecting Assistance Award Information as Required in Section 1281(d)(1) of the NDAA for FY 2020," June 29, 2020: Directs grant managers and other personnel supporting awards and administration of grants to take specified action for all research and research-related activities supported by these types of DoD instruments.
USD(R&E) Letter to U.S. Academia, October 10, 2019: Requests the academic community to assist in identifying and taking action against illegal activities and unethical practices across the research enterprise.
Under Secretary of Defense for Research and Engineering (USD(R&E)) Memorandum, "Actions for the Protection of Intellectual Property, Controlled Information, Key Personnel, and Critical Technologies," March 20, 2019: Provides direction in response to Section 1286 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 Section 1286, pages 444-446, which directs the Secretary of Defense to establish an initiative to work with academic institutions that perform defense research and engineering activities. This memorandum directs DoD grant managers and other personnel supporting the award and administration of grants, cooperative agreements, technology investment agreements, and other non-procurement transactions to take the specified actions for all research and research-related educational activities supported by these types of DoD instruments.
DoD Acquisition, Technology, and Logistics Memorandum, "Fundamental Research" (also known as the "Carter Memo"), May 24, 2010: Provides clarifying guidance to ensure that DoD grants, contracts, and negotiations with the research community for fundamental research are consistent across Components and fully compliant with National Security Decision Directive 189.
DoDI 5230.24, "Distribution Statements on DoD Technical Information," January 10, 2023: Establishes policy, assigns responsibilities, and provides procedures for assigning distribution statements on technical information. It also establishes a standard framework and markings for managing, safeguarding, sharing, and distributing technical information in accordance with national and operational security, privacy, records management, intellectual property, Federal procurement, and export-control policies, regulations, and laws.
DoDI 5000.83, "Technology and Program Protection to Maintain Technological Advantage," July 20, 2020 (Change 1, effective May 21, 2021): Establishes policy, assigns responsibilities, and provides procedures for S&T managers and engineers to manage systems security and cybersecurity technical risks; hardware, software, cyber, and cyberspace vulnerabilities; supply chain exploitation; and reverse engineering. This instruction also assigns responsibilities and provides procedures for S&T managers and lead systems engineers for Technology Area Protection Plans (TAPPs), S&T protection, Program Protection Plans (PPPs), and engineering cybersecurity activities.
DoDI 5200.48, "Controlled Unclassified Information (CUI)," March 6, 2020: Establishes policy, assigns responsibilities, and prescribes procedures for CUI throughout DoD in accordance with Executive Order (EO) 13556; Part 2002 of Title 32, Code of Federal Regulations; and Defense Federal Acquisition Regulation Supplement (DFARS) Sections 252.204-7008 and 252.204-7012.
DoDI 3200.12, "DoD Scientific and Technical Information Program (STIP)," August 27, 2013 (Incorporating Change 3, effective December 17, 2018): Reissues DoD Directive 3200.12 as a DoDI to establish policy, assign responsibilities, and prescribe procedures to carry out the DoD STIP consistent with the national science and technology policy and priorities described in Section 6602 of Title 42, U.S.C. This instruction also incorporates and cancels Directive-type Memorandum 17-002.
DoD Instruction (DoDI) 3210.7, "Research Integrity and Misconduct," May 14, 2004 (Incorporating Change 1, October 15, 2018): Specifies detailed procedures and standards for the prevention of research misconduct.
This section provides DoD guidance on research security and technology protection for S&T program managers and researchers in DoD, the Federal Government, industry, and academia.
Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions: The document "Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions" is a guide to assist program managers and DoD Components in reviewing fundamental research proposals for potential conflicts of interest and conflicts of commitment. This decision matrix identifies actions prohibited by law that would preclude an investigator or institution from receiving funding from the Department. The document also describes conditions under which mitigation is required or recommended prior to receiving funding from the Department, depending on the type of conflict and the timeframe in which it occurs. The Department is making this document public to be transparent about the types of behaviors the Department finds problematic and to provide DoD-funded researchers a better understanding about how their proposals may be received and reviewed.
Fiscal Year (FY) 2023 Lists Published in Response to Section 1286 of the John S. McCain National Defense Authorization Act for FY 2019 (Public Law 115-232), as amended: The document "FY23 Lists Published in Response to Section 1286 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115-232), as amended" is the current set of lists required by law, as stated. This document identifies those foreign institutions that have been confirmed as engaging in problematic activity as described in Section 1286(c)(8)(A) of the referenced law. It also identifies the foreign talent programs that have been confirmed as posing a threat to the national security interests of the United States as described in Section 1286(c)(9)(A) of the referenced law. As detailed in the "Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions" listed above, it is one of the sources that supplements the Decision Matrix document. Caution is advised for any researcher or institution engaging with institutions on this list.
STM 0020 "Fundamentals of Science and Technology Protection" Course: Developed jointly between MTA and Defense Acquisition University (DAU), this free, online training course provides defense S&T managers with guidance on how to conduct risk-informed protection planning and management to mitigate the threat of unwanted technology transfers of programs, projects, systems, and technical information to strategic competitors. To register and take the "Fundamentals of Science and Technology Protection" course, visit here. For information on DAU account eligibility, visit here.
OUSD(R&E) S&T Protection Guide (Final/Cleared for Public Release), March 2021: Supports requirements outlined in DoD Instruction (DoDI) 5000.83, "Technology and Program Protection to Maintain Technological Advantage," offering guidance and a sample process to assist DoD Components in developing an overall methodology to protect DoD-sponsored S&T programs from unauthorized disclosure.
OUSD(R&E) S&T Protection Plan Template (Final/Cleared for Public Release), March 2021: Provides S&T managers with example best practices that may be adapted to meet unique organizational needs and program requirements. S&T managers are free to edit or tailor portions of this template, as needed, to suit agency requirements or for the purposes of individual projects.
DoD Basic Research Office Academic Security Page: Curated and maintained by the Basic Research Office within OUSD(R&E), this webpage is a resource for the actions that the DoD, Federal Government, and academic community are taking to ensure the integrity of fundamental research in academia.
Defense Counterintelligence and Security Agency (DCSA) Critical Technology Protection Efforts: On behalf of the Secretary of Defense, the DCSA serves as the Cognizant Security Office providing oversight to approximately 10,000 cleared U.S. companies under the National Industrial Security Program. DCSA ensures the proper protection of sensitive and classified U.S. Government and foreign government information, technologies, and materials entrusted to cleared industry.
DCSA Counterintelligence Resources Page: Provides reports on what U.S. technologies our adversaries are targeting and how they target them.
Defense Advanced Research Projects Agency (DARPA) Countering Foreign Influence Program (CFIP): An adaptive risk management security program designed to help protect the critical technologies and intellectual property associated with DARPA's research projects by identifying possible vectors of undue foreign influence.
This section provides guidance and policy from the executive branch on research security and technology protection for Critical and Emerging Technologies (C&ET).
"National Strategy for Critical and Emerging Technologies," October 2020: Calls for the U.S. to lead in S&T by prioritizing emerging technologies critical to economic growth and security, and by promoting and protecting the National Security Innovation Base (NSIB).
"Critical and Emerging Technologies List Update," February 2022: This updated document expands upon the initial C&ET list included in the October 2020 National Strategy for C&ET by identifying subfields for each C&ET with a focus, where possible, on core technologies rather than on technology application areas or performance characteristics.
Office of Science and Technology Policy (OSTP) Brief, "Enhancing the Security and Integrity of America's Research Enterprise," July 2020: Describes the core principles and values of the U.S. research enterprise; how some individuals and foreign governments violate core principles of integrity and pose risks to the research enterprise; and the U.S. Government's actions to strengthen the research enterprise.
National Science and Technology Council (NSTC) Report, "Recommended Practices for Strengthening the Security and Integrity of America's Science and Technology Research Enterprise," January 2021: Offers recommendations that research organizations (e.g., universities, private companies, and independent research institutes) can take to better protect the security and integrity of America's research enterprise. This report serves as a complementary document to National Security Presidential Memorandum 33 (NSPM-33), titled, "U.S. Government-Supported Research and Development National Security Policy" (listed below).
NSPM-33, "Presidential Memorandum on United States Government-Supported Research and Development National Security Policy," January 14, 2021: Directs action to strengthen protections of U.S. Government-supported research and development against foreign government interference and exploitation.
NSTC Report, "Guidance for Implementing NSPM-33," January 2022: Provides implementation guidance for NSPM-33, developed by the OSTP in close collaboration with Federal Agencies.
National Security Memorandum 10, "Promoting United States Leadership on Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems," May 4, 2022: Identifies key steps needed to maintain the Nation's competitive advantage in quantum information science, while mitigating the risks of quantum computers to the Nation's cyber, economic, and national security. It directs specific actions for Federal Agencies to take as the U.S. begins the multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography.
Executive Order (EO) 14017, "America's Supply Chains," February 24, 2021: Directs the U.S. Government to undertake steps to protect America's supply chains and industrial base.
EO 14034, "Protecting Americans' Sensitive Data from Foreign Adversaries," June 9, 2021: Directs the U.S. Government to take measures to protect Americans' data.
EO 14801, "Advancing Biotechnology and Biomanufacturing Innovation for a Sustainable, Safe, and Secure American Bioeconomy," September 12, 2022: Provides guidance for undertaking a whole-of-government approach to advance biotechnology and biomanufacturing. Sections within this order directly address biosecurity and threats to the bioeconomy.
EO 14083, "Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States," September 15, 2022: Provides expanded guidance on specific factors the CFIUS should consider when evaluating applications.
This section provides legislative directives in research security and technology protection that impact the research and acquisition enterprises.
Fiscal Year (FY) 2019 National Defense Authorization Act (NDAA) Section 1049, "Critical Technologies List": Requires the Secretary of Defense to maintain a list of acquisition programs, technologies, manufacturing capabilities, and research areas that are critical for maintaining U.S. technological advantage.
FY 2020 NDAA Section 847, "Mitigating Risks Related to Foreign Ownership, Control, or Influence (FOCI) of DoD Contractors and Subcontractors": Requires the Secretary of Defense to improve the process and procedures for the assessment and mitigation of risks related to FOCI of contractors and subcontractors doing business with the Department.
FY 2019-2021 NDAA Section 1286, as amended, "Initiative to Support Protection of National Security Academic Researchers from Undue Influence and other Security Threats": Requires the Secretary of Defense to establish an initiative to protect the products of academic research, and to provide an annual report to Congress on the progress of those initiatives.
FY 2021 NDAA Section 223, "Disclosure of Funding Sources in Applications for Federal Research and Development Awards": Requires each Federal research agency to require, as part of any application for a research and development award, that the applicant disclose current and pending support; certify that disclosure is current, accurate, and complete; and update disclosure at the request of the agency.
FY 2021 NDAA Section 1062, "Limitation on Provision of Funds to Institutions of Higher Education Hosting Confucius Institutes": Instructs DoD to provide no funding to any institution of higher education that hosts a Confucius Institute, other than amounts provided directly to students as educational assistance, unless provided a waiver by the Secretary of Defense in consultation with the National Academies of Sciences, Engineering, and Medicine.
Creating Helpful Incentives to Produce Semiconductors (CHIPS) and Science Act of 2022 Sections 10631, "Requirements for Foreign Talent Recruitment Programs" and 10632, "Malign Foreign Talent Recruitment Program Prohibition": Prohibits participation in any foreign talent recruitment program by personnel of Federal research agencies, and prohibits participation in a malign foreign talent recruitment program by covered individuals involved with research and development awards from those agencies.
Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) Extension Act of 2022 Section 4, "Foreign Risk Management": Requires agencies with an SBIR or STTR program to assess the security risks presented by applicants with financial ties or obligations to certain foreign countries. This act also establishes various reporting requirements, including directing DoD and other Federal agencies to assess the national security and research and integrity risks of the SBIR and STTR programs.
This section provides links to technology protection resources for the Federal Government, contractors, and private-sector cybersecurity and technology protection professionals.
Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012: Addresses safeguarding covered defense information and cyber incident reporting and provides requirements to contractors when this DFARS clause is incorporated into the contract. Incidents must be reported to DoD within 72 hours. The affected data and all related data covering the 90 days prior to the date of the incident must be presented to DoD, along with any infected software.
The DoD Grants Office provides Oversight Research Assistance Awards (grants, cooperative agreements, and technology investment agreements):
-
- Key Forms for Assistance Awards (additional information available on Grants.gov):
-
-
-
- R&R Senior/Key Person Profile (Expanded) Form (select Version 3.0 from list)
-
-
Confucius Institute Waiver Program: Section 1062
of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2021 prohibits the Department from providing funding to any U.S. institution of higher education hosting a Confucius Institute unless that institution receives a waiver from the Secretary of Defense. This prohibition does not apply to direct funding to students attending U.S. institutions of higher education. International institutions that host Confucius Institutes are not subject to the prohibition in Section 1062 of the NDAA for FY 2021 and thus do not require waivers to receive DoD funding. The prohibition on funding goes into effect on October 1, 2023.
The OUSD(R&E) Confucius Institute Waiver Program (CIWP) is responsible for considering and approving or denying waiver applications from any U.S. institution of higher education that is hosting a Confucius Institute and desires a waiver from the prohibition on funding required by Section 1062 of the NDAA for FY 2021. The CIWP uses the NDAA for FY 2021 definition of a Confucius Institute, which is: a cultural institute funded either directly or indirectly by the Government of the People's Republic of China.
The Department has a separate process for reviewing and adjudicating waiver requests of the prohibition in Section 1091 of the NDAA for FY 2019 on obligating or spending funds for Chinese language instruction provided by a Confucius Institute. U.S. institutions of higher education hosting a Confucius Institute granted a waiver of the prohibition in Section 1062 of the NDAA for FY 2021 may still be subject to the prohibition in Section 1091 of the NDAA for FY 2019.
Guidance for applying to the Confucius Institute Waiver Program can be found here.
The below partners collaborate with MTA on technology protection efforts and provide additional technology protection guidance and resources.
The Cybersecurity and Infrastructure Agency (CISA) leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. The CISA Services Catalog provides a single resource for users to access information on services across all of CISA's mission areas.
The Defense Industrial Base Collaborative Information Sharing Environment, part of the DoD Cyber Crime Center, is a public-private cybersecurity partnership focused on protecting intellectual property; safeguarding DoD content residing on or transiting through contractor unclassified networks; and providing a collaborative environment for crowd-sourced threat sharing at both unclassified and classified levels. Resources are available here.
The National Counterintelligence and Security Center champions the integration of the U.S. Government's counterintelligence (CI) and security activities focused on countering threats to information and assets critical to our Nation's security; provides CI outreach to the U.S. Government and private sector entities; and issues public warnings regarding intelligence threats to the U.S.
The Federal Bureau of Investigation (FBI) provides resources and support to businesses and academia.
Graphic from FBI 2019 Report, "China: The Risk to Academia" linked above
The National Science Foundation supports and drives responsible and ethical conduct of research. Learn more here.
The National Institutes of Health (NIH) seeks to protect the integrity of U.S. biomedical research. See the NIH Director's statement on protecting biomedical research here.
Contact
If you would like to contact the MTA Team with an issue or question, please email:Â OSDRE-Maintaining-Tech-Advantage@groups.mail.mil
Additional resources are available on the Research Development Security Forum Portal (DoD CAC-enabled): https://www.dodtechipedia.mil/dodwiki/display/RDSF