1. UNCLASSIFIED Foreign Ownership, Control, or Influence (FOCI) August 2009

2. - 2 - UNCLASSIFIED (U) Scope of the DSS Security Mission 675 FOCI facilities 252 FOCI mitigation agreements Support to 65 Foreign Countries NISP Support to 23 Government Agencies 12,801 active, cleared facilities in NISP Clear and inspect facilities 9,100 inspections (FY08) 1,791 new facility clearances granted (FY08) 14,355 accredited systems in industry Adjudicate Industry Security Clearances (DISCO) More than 1M cleared contractors (June 30) 180,600 Personnel Security Adjudications (FY08) 13 days average to process all initial clearances by IRTPA measures Fund NISP Personnel Security Investigations $224.88M beginning NISP PSI funds (FY09) Estimated $159M expended as of June 27 Secure Industrial Base 100,000+ worldwide users 6 Legacy Security Systems 6 System Enhancements in Development 5 New Initiatives in Planning Phase Renewed Emphasis on IS Automation Transition PSI security systems 4,242 CI Suspicious Contact Reports (FY09 YTD) 421 Intelligence Information Reports (FY09 YTD) 14,537 personnel received Counterintelligence Threat Awareness Briefings (FY09 YTD) 6 IS Reps are signed up to take CI Fundamentals course at JCITA 3 IS Reps are signed up to take the CI Research Development & Acquisition Course at JCITA Enhancing relationship with LE/CI Communities DoD & NISP Functional Manager 64,778 students trained to date (FY09) 53,569 students trained (FY08) 400% increase over FY04 Provide information technology services Provide Foreign Ownership, Control or Influence mitigation/international Integrate Counterintelligence Deliver security education and training Oversee National Industrial Security Program

3. - 3 - UNCLASSIFIED (U) DSS Goals Strengthen and refocus DSS on NISP and SETA Programs and ensure effective oversight/management of NISP  Reduce ratio of industrial security professionals to cleared facilities  Enhance current Facilities of Interest List with additional CI and other risk factors  Establish professional development and certification program for Industrial Security personnel  Enhance current internal industrial security information management system  Strengthen Counterintelligence in industry  Facilitate industry access to threat information  Continue to integrate CI into Industrial Security Program  Continue staff augmentation to tailor and expand CI services to Cleared Defense Contractors,  Continue Counterintelligence and Law Enforcement Inter- agency community outreach  Transfer legacy systems associated with personnel security function  Retain Industrial Security Facilities Database (ISFD) and Electronic Network Registration and Online Learning (ENROL) and develop next generation system  Continue creation of web-based training  Address Stakeholder training by updating courses  Professionalize the security career field across DoD  Enhance Foreign Ownership, Control or Influence (FOCI) analytic branch to ensure proper reporting and develop trends in FOCI  Develop financial analysis cell to assess FOCI by foreign investment entities  Refine processes in the FOCI and International Branches  Develop policies and procedures for DSS overseas presence Oversee National Industrial Security Program Integrate Counterintelligence Provide information technology services Deliver security education and training Provide Foreign Ownership, Control or Influence mitigation/international

4. UNCLASSIFIED (U) National Industrial Security Program Authorities/Responsibilities Executive Order 12829, National Industrial Security Program (NISP), defines authorities & assigns responsibilities. Purpose is protection of classified information released to contractors. National Security Council (NSC) provides overall policy direction. Information Security Oversight Office (ISOO) Implementation and oversight Chairs NISP Policy Advisory Committee (NISPPAC) DoD is the Executive Agent Responsible for: Issuance/updating NISP Operating Manual (NISPOM) Operational oversight (except ODNI/CIA, DOE, NRC) DSS is the DoD Cognizant Security Office Administers NISP on behalf of DoD and 23 non-DoD agencies Clears companies and their employees Conducts oversight

5. UNCLASSIFIED (U) Basis for FOCI Oversight and Compliance Federal Acquisition Regulations Require government contracting activities to insert a Security Clause (FAR 52.204-2) whenever a contract requires access to classified information. Security Clause requires contractors to protect classified information in accordance with standards established in NISPOM. DoD Security Agreement As prerequisite for facility clearance (FCL), DoD cleared companies execute DoD Security Agreement. Agreement allows for termination by either party with 30 days notice. By executing DoD Security Agreement, companies agree to: Implement protection standards for industry established in NISPOM. Allow DoD to conduct compliance inspections (Unsatisfactory rating can lead to FCL revocation). Key NISPOM Requirements Reporting of material/significant changes to information provided by company on Certificate Pertaining to Foreign Interests, SF 328. Report when entering into “Discussions, consultations or agreements” that may lead to acquisition by a foreign interest. Companies must agree to an acceptable FOCI mitigation measure prior to closing of foreign acquisition or suffer invalidation (invalidation of the FCL automatically renders a contractor ineligible to bid on new classified contracts or to receive new classified material).

6. UNCLASSIFIED (U) FOCI and CFIUS Parallel but separate - “The Committee on Foreign Investment in the U.S. (CFIUS) review and the FOCI review are carried out in two parallel but separate processes with different time constraints and considerations.” Narrower scope - “A U.S. company is considered under FOCI whenever a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of the U.S. company’s securities, by contractual arrangements or other means, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts” Recurring Oversight – DSS conducts annual inspections of 252 companies cleared under FOCI mitigation agreements (675 cleared facilities, includes branches, subsidiaries). (Source: NISPOM 2-310b, 2-300a)

7. UNCLASSIFIED (U) FOCI Adjudication Record of economic and government espionage against U.S. History of cooperation on technology transfer Type and sensitivity of information that will be accessed Source, nature and extent of FOCI Company’s record of compliance with U.S. laws, regulations, and contracts Nature of bilateral or multilateral security agreements with the foreign government Foreign government ownership or control (Source: NISPOM 2-301) DSS considers the following factors (in relation to the company, the foreign interest and the government of the foreign interest) in the aggregate to determine if a company is under FOCI, its eligibility for a clearance, and the protective measures required:

8. UNCLASSIFIED (U) FOCI Mitigation Agreements: Use depends on extent and nature of FOCI Board Resolution (BR) Foreign interest has minority ownership insufficient to elect board members BR identifies foreign shareholder and security requirements No access limitations Security Control Agreement (SCA) Foreign interest has minority ownership sufficient to elect board members SCA requires 1-3 disinterested, cleared, U.S. citizen Outside Directors No access limitations Special Security Agreement (SSA) Foreign interest has majority ownership and effectively controls company SSA requires 2+ disinterested, cleared, U.S. citizen Outside Directors Access to Proscribed Information* requires a National Interest Determination Proxy Agreement (PA) PA requires foreign interest to convey most voting rights, independence Requires cleared, disinterested, U.S. citizen proxy holders No access limitations Voting Trust (VT) VT requires foreign interest to convey legal title, independence Requires cleared, disinterested, U.S. citizen trustees No access limitations (Source: NISPOM 2-303) * Proscribed Information includes Top Secret, COMSEC, RD, SAP, or SCI

9. - 9 - UNCLASSIFIED Questions?