0314hrs, 10 June 2018, Straits of Taiwan.  The VFA commander achieved altitude leading his squadron to intercept a wing of Chinese Sukhoi Su-30MK2 Flanker fighters. Although outnumbered four to one, the American pilots were confident in their aircraft's capabilities in what would be the first salvo of air-to-air missiles following China’s invasion of Taiwan. After all, VFA-40 was equipped with the world’s most advanced and expensive fighter, the F-35 Joint Strike Fighter. The U.S. aircraft automatically transmitted each fighter's real-time fuel consumption rates, location, and a myriad of other information to the USS Ronald Reagan. However, the returned "acknowledge" signal did not come from the Reagan, it came from a nondescript frigate off Meizhou Island. In a few milliseconds, communications from the squadron ceased, fuel shut-off valves closed, and pilot eject systems were disabled. The Reagan would lose its entire carrier air wing of F-35s and pilots in less than two hours. The U.S. Navy would learn too late that three years prior the Chinese had successfully accessed the network at Turkey’s F-35 reprogramming center, discovered vulnerabilities in the F-35’s source code, and developed exploitation software to bring down the aircraft without firing a shot. 

If the scenario above sounds too far fetched, consider that the F-35’s source code is ‘the holy grail’ for “controlling everything from weapons integration to radar to flight dynamics.”[1]  Then consider that hackers have stolen several terabytes of information related to the F-35’s design and electronics systems; in certain instances the stolen information was encrypted so officials are not certain what data was compromised.[2]  This vignette serves to highlight vulnerabilities to U.S. cutting-edge technology.  Moreover, it points to only one of a myriad of constantly changing challenges to protecting U.S. technological advantages. 

Robust intelligence support that goes beyond the intelligence community’s (IC) current stove-piped structures and missions is required to assist in recognizing threats to U.S. critical technologies. The Director of National Intelligence (DNI) should established a Technology Security National Intelligence Mission Manager to coordinate the IC’s support throughout the export control process and thus better ensure that U.S. critical technologies are adequately safeguarded.

Background.  The United States is the world’s leader in advanced military technologies.[3]  At one end of the spectrum, these technologies help to ensure that a U.S. soldier, airman, seaman, or marine does not have to fight a ‘fair fight’, at the other end they provide capabilities that ensure national survival, such as protection against weapons of mass destruction. The compromise of critical U.S. technologies has the potential to seriously endanger national security comparable to or greater than any threat from terrorism, yet, in comparison, IC support for technology security is rather underwhelming. 

Of course the easiest way to protect advanced U.S. military technology would simply be to keep it under lock and key. However, it’s in U.S. interests that international partners and allies also possess substantial military capabilities. Further, as the volatile post-cold war security environment drives the U.S. to engage increasingly with non-traditional partners, the associated precedent-setting transfers of sophisticated military capabilities to new partners makes protecting these capabilities even more challenging. The entities from which technology must be restricted is no longer limited to a handful of ‘unfriendly states’ but now includes an infinite number of potentially ‘unfriendly individuals.’ [4]

Consequently any U.S. export control system will be somewhat schizophrenic in nature. While there is a very pressing requirement to safeguard sensitive capabilities, there is often an opposing need to provide those same capabilities to friends and allies. This conflicting nature of export control is enduring. Conversely, the nature of what is being controlled – technology – and how it is controlled is ever-changing. U.S. military advantages are increasingly derived from technologies that are constantly evolving – improving – ostensibly at an exponential rate.[5]

Coupling the aforementioned trends with an arms transfer system designed for the cold war makes cooperation with foreign partners difficult and does not necessarily protect critical technologies.[6] President Barack Obama recognized these challenges and initiated a comprehensive interagency review to reform the export system. As the U.S. brings its arms transfer system into the 21^st century through the current reform efforts, leaders have an ideal opportunity to ensure that meaningful intelligence support is fully integrated into the export control process.

            Export Control Reform and Intelligence Support.  The comprehensive review of export controls determined the current system required substantial reform in all four areas of control: what is controlled, how it’s controlled, how the U.S. enforces those controls, and how the U.S. manages those controls.[7]  Towards this end, the Administration envisions the establishment of a single control list, a single licensing authority, a single enforcement coordination agency, and a single information technology system.[8] 

Despite the significance of U.S. advanced technologies and the potential impact of their vulnerabilities on national security, there is a near eerie absence of intelligence support in the proposed reforms. For the moment, IC support is limited to a senior liaison officer assigned to the single enforcement coordination agency with a focus on the traditional criminal aspects of illegal arms transfers.[9] However, there remains a readily apparent and, indeed, a pressing need for the IC to be integrated throughout the transfer process to provide critical functions in each of the core areas of export control. 

Intelligence Support to the Single Control List.  Currently the State Department has executive responsibility for the transfer of military capabilities that are on the Munitions List, and the Commerce Department oversees transfers of dual-use capabilities (items or services that have both a civilian and military function). The reform effort proposes a single control list that is tiered to allow the U.S. to build “higher walls” around the export of the most sensitive capabilities.[10]

            The IC should assist the policy community in identifying higher tier technologies based on foreign capabilities and the risks they present to the U.S. Likewise, the IC should assist in identifying critical requirements for foreign governments’ programs, such as their WMD programs. While they may not be viewed as critical technologies for the U.S., they may provide enabling capabilities that could advance an adversary’s program.[11]

Intelligence Support to the Single Licensing Authority. As with the control list, licensing authorities are divided between the Departments of State and Commerce. Reform efforts include the creation of a Single Licensing Authority. If properly integrated, the IC could be a responsive asset in the development and execution of export control policies and decisions.[12]

            This means moving beyond the traditional intelligence support to license reviews or assessments concerning a partner’s ability to protect sensitive technology or data.  While these functions are still extremely important, the establishment of a single licensing authority is an opportunity to better integrate intelligence into transfer decisions. Similarly, this integration could permit the IC to leverage certain transfers in a systematic process that may assist in meeting other strategic-level intelligence requirements or facilitate the development of intelligence sharing arrangements with new foreign intelligence partners. To achieve this higher level of coordination, a senior representative from the DNI should serve in a prominent position on the Single Licensing Agency staff.[13] 

Intelligence Support to the Export Coordination Enforcement Center. A November 2010 executive order established the Export Coordination Enforcement Center. While the order notes the importance of sharing intelligence for the enforcement of export control laws, there is a notable domestic bias in the mission of the center. It would also be valuable to utilize the IC for specific collection requirements on various foreign activities abroad which would identify the diversion or proliferation of controlled technologies.[14]

            The ease with which information, including design and electronics system schematics of our most prized fighter aircraft as noted above, can be accessed and transferred around the world in seconds requires an evaluation of risks emanating from the cyber domain as well.[15] The IC has unique capabilities that can assist in enforcement efforts in this area too. The IC’s full integration into the center with a broader focus than presently envisioned would improve enforcement capabilities.

Intelligence Support to the Single IT System. Currently, each stakeholder in the export control process manages its processes through separate IT systems. The administration plans on integrating these disparate systems into one single system. In addition to being the vehicle to managing transfer requests, this system could provide the IC with a powerful analytical tool to assist in identifying the acquisition trends of foreign governments, spot vulnerabilities for certain commodities, note unusual volume of certain technologies that may indicate diversion, or provide any number of assessments or information resulting from the consolidation of the various export control IT systems.

            Conclusion.  The overarching theme of increasing intelligence support to the export control system highlights the opportunities and benefits to be gained by the IC’s integration throughout the export process. The present reform efforts within the IC dovetail perfectly with reforms currently underway in the export control arena. As the DNI stands up National Intelligence Mission Managers along country or functional area considerations, a Technology Security Mission Manager should be created to coordinate intelligence support requirements associated with the protection of U.S. critical technologies.[16] The Technology Security Mission Manager should ensure the policy community’s technology security intelligence requirements are properly integrated into the National Intelligence Priorities Framework (NIPF) and are adjusted to reflect the ever-changing nature of technology.[17] The systematic integration of intelligence support across all four core areas of export control would significantly enhance the government’s ability to protect its most critical technologies.

            The U.S. cannot afford to discover the exploitation of vulnerabilities or the diversion of its best capabilities after the shooting begins. Unlike other threats, the damage our adversaries can inflict will not be known until the capability fails to function, is rendered obsolete through countermeasures, or is used against U.S. forces. An integration of IC support into the export control process will significantly mitigate the risks of such potentially devastating consequences.