Determining What Is Secure or Not Secure: That Is the Challenge
The roots of the Army's Research and Technology Protection Center (ARTPC) don't date back to Shakespearean times, but the center's genesis took place early in the 21st century with the original mission of protecting technologies of the now-canceled Future Combat Systems program.
A 2001 security report commissioned by then Army Chief of Staff Gen. Eric Shinseki, USA, made clear the need for coordinated security efforts. ARTPC's chief, Richard Henson, explains the general's reasoning:
A lot of people were working on it [security], but there was no one place where it either all came together or where it was all visible. As a result, the Army created the ARTPC as a center of excellence to focus on research and technology protection activities.
The ARTPC officially opened its curtains in 2002. It's up to the center's experts to help PEOs and PMs identify critical program information and help them decide how to protect it, Henson says. During its FCS days, the center focused on developing a systematic way of ID'ing crucial data and standardizing its protection. These actions are evident in the role the ARTPC plays today.
Using a two-act ensemble-technology protection engineers and program protection architects-the ARTPC supports Army programs, working together to address different sides of the ID and classification process. In act one, technology protection engineers, embedded in major Army R&D efforts, work directly with PMs. They ID a program's critical technologies, seek a balance between security and info sharing, and bridge the language gap between intel experts and researchers.
Act two features the program protection architects, who help a PM develop specific protection plans. Then they identify and recommend methods for particular scenarios.
Figuring out what should be classified is the next step. Does the program have an updated guide to classification levels? Is the technology so old that it's already recognizable in the public domain? Is it service-unique? Will its dissemination place the nation in harm's way? To achieve horizontal protection, the ARTPC and the OSD, Undersecretary of Defense for AT&L, are developing an acquisition security database.
Implementing the Defense Department's Instruction 5200.39-which sets guidelines for protecting critical program information-is another of the center's tasks. The ARTPC has undergone enormous changes in the last two years to address its goals, one of which is staff structural changes. Although Defense Department auditing found shortcomings in the center's implementation of countermeasures and oversight, the ARTPC is now a government organization that can assume different responsibilities where it couldn't with a contractor-only staff.
Improvements in structure and processes are ongoing, as with all organizations that must remain relevant, so no curtain call is imminent for the center. Are there more efficient ways to streamline the ARTPC's data identification process, or would these just add layers to what is envisioned as an already more simplified effort? Discuss your ideas, express your concerns here. We welcome your unclassified data input.