Foreign Firms a Mainstay Of Pentagon Contracting
Foreign Firms a Mainstay Of Pentagon Contracting
By Ellen McCarthy
Washington Post Staff Writer
Saturday, March 18, 2006; D01
Edward Nadworny's bosses at CGI Group Inc. are just up the road in Montreal, but to the U.S. government he still works for a foreign company, which means logging every phone call to Canada, submitting his e-mails for audits, and being supervised by a local board whose members have been approved by the Defense Department.
If he and his colleagues from other parts of the company chat about work at happy hour, they must tell a Pentagon-approved security officer what they discussed. It's inconvenient but a fact of life for the dozens of foreign-owned companies authorized to do high-level security work for the U.S. government.
"I log my calls more frequently than I do my expenses. . . . It's just a way of doing business," says Nadworny, who runs CGI Federal, a subsidiary of the Canadian firm that was set up to win software and other information technology contracts with the U.S. government.
As politicians battled in recent weeks over a Dubai firm's plan to take control of a company that operates U.S. ports, the fight stood in relief to a reality that local government contractors know well: Foreign-owned companies already help manage some of the nation's most sensitive business, working on classified weapons and information programs and dealing daily with government secrets.
At least 98 foreign-owned firms like CGI have agreements with the Pentagon that allow them access to classified government programs, up from 58 a decade ago, according to the Defense Security Service, the office of the Pentagon that oversees companies that do classified work. With joint defense projects among allies common, and the need for the best technology ever more acute, contracting experts say they expect the trend to continue.
"We're in a global technology environment," said Stan Z. Soloway, president of the Professional Services Council, a government contracting industry group that includes foreign-owned companies like BAE Systems Inc.
An Italian-owned firm is designing the president's new helicopter; a Paris-owned firm is making the new radios for U.S. Special Operations Forces; at the Chesapeake Innovation Center, an Annapolis incubator for homeland security companies that counts the National Security Agency among its partners, five of the 24 companies it has assisted were based overseas.
"Some of our allies have had more extensive experience in homeland security than the United States," said Mark Sauter, the incubator's chief operating officer. "We can't afford to get into a 'not invented here,' mindset."
The Defense Security Service would not release the names of the foreign-owned companies with access to classified information, though many, like BAE, are well known. But the agency did provide a list of their 18 home nations. The list includes nine nations that are part of the North Atlantic Treaty Organization, such as France and Britain; all but four -- Australia, Bermuda, Israel and Singapore -- are European.
That in itself indicates a certain caution concerning which companies can get access to sensitive data, said Steve Schooner, a professor of government contracting law at George Washington University Law School.
"The bottom line is: Who are you willing to share your technology with?" Schooner said. "For more developed countries, we have more expectation for rule of law, respect for classified information."
Despite the comparative openness of the U.S. economy -- overseas investors own buildings and businesses throughout the country -- foreign involvement can touch a nerve. The Dubai port deal was ultimately scuttled over security concerns. The purchase of International Business Machine Corp.'s personal computer division by Chinese firm Lenovo Group Ltd. was put through a national security review before being approved. Locally, an Israeli company's proposed takeover of Columbia-based computer security firm Sourcefire Inc. has triggered a review because of Sourcefire's contracts with intelligence agencies.
Foreign-owned or controlled companies that work with classified information are subject to a special set of rules. The firms must set up U.S. subsidiaries with separate boards that include members approved by the Defense Department. The subsidiaries must have their own e-mail systems and network servers and must fully document communications with employees of the parent company -- hence Nadworny's phone logs.
U.S. citizens must be involved in key roles and are the only individuals who can be cleared to have access to classified material, a fact Pentagon officials consider an important protection.
A report published by the Government Accountability Office last July, however, found the system lacking -- understaffed, too dependent on self-reporting by companies, and unable to fully track foreign involvement with high-security U.S. contractors. In one instance, the GAO found that a foreign-owned company had access to classified information for six months before proper safeguards were in place. In another, the GAO found that Pentagon officials were unaware that a company had hired a foreign national as its president until someone spotted the fact on a Web site nine months later.
"Just think of the magnitude, the complexity, of monitoring what 96 companies are doing with access to classified information. Just the potential for letting something slip or get in the way is hugely magnified," said Rep. John Barrow (D-Ga.), a critic of the Dubai ports deal.
Defense Department officials and contracting experts defended the current system.
In a written response to the GAO, Carol A. Haave, deputy undersecretary of defense for counterintelligence and security, said that defense officials vet foreign involvement in contractors carefully, but also keep in mind issues like the "nature and source" of the foreign involvement, the sensitivity of the information, and "the relationship of the foreign source's government with our government."
"If there is any indication of risk to classified information . . . appropriate action is taken."
David Dempsey, a partner with Holland & Knight LLP who helps foreign companies navigate Pentagon regulations, said it can take up to nine months and cost as much as $600,000 to comply. But, he added, the system seems to work.
"I have never seen an intentional breach and I have never seen a serious breach," of security rules, Dempsey said.
No comments:
Post a Comment