SEC. 845. DEFENSE INDUSTRIAL SECURITY.
(a) Defense Industrial Security-
(1) IN
GENERAL- Subchapter I of chapter 21 of title 10, United States
Code, is amended by adding at the end the following new
section:
`Sec.
438. Defense industrial security
`(a) Responsibility for Defense Industrial Security- The
Secretary of Defense shall be responsible for the protection of
classified information disclosed to contractors of the
Department of Defense.
`(b) Consistency With Executive Orders and Directives- The
Secretary shall carry out the responsibility assigned under
subsection (a) in a manner consistent with Executive Order 12829
(or any successor order to such executive order) and consistent
with policies relating to the National Industrial Security
Program (or any successor to such program).
`(c) Performance of Industrial Security Functions for Other
Agencies- The Secretary may perform industrial security
functions for other agencies of the Federal government upon
request or upon designation of the Department of Defense as
executive agent for the National Industrial Security Program (or
any successor to such program).
`(d) Regulations and Policy Guidance- The Secretary shall
prescribe, and from time to time revise, such regulations and
policy guidance as are necessary to ensure the protection of
classified information disclosed to contractors of the
Department of Defense.
`(e) Dedication of Resources- The Secretary shall ensure that
sufficient resources are provided to staff, train, and support
such personnel as are necessary to fully protect classified
information disclosed to contractors of the Department of
Defense.
`(f) Biennial Report- The Secretary shall report biennially to
the congressional defense committees on expenditures and
activities of the Department of Defense in carrying out the
requirements of this section. The Secretary shall submit the
report at or about the same time that the President's budget is
submitted pursuant to section 1105(a) of title 31, United States
Code, in odd numbered years. The report shall be in an
unclassified form (with a classified annex if necessary) and
shall cover the activities of the Department of Defense in the
preceding two fiscal years, including the following:
`(1)
The workforce responsible for carrying out the requirements of
this section, including the number and experience of such
workforce; training in the performance of industrial security
functions; performance metrics; and resulting assessment of
overall quality.
`(2) A description of funds authorized, appropriated, or
reprogrammed to carry out the requirements of this section,
the budget execution of such funds, and the adequacy of
budgets provided for performing such purpose.
`(3) Statistics on the number of contractors handling
classified information of the Department of Defense, and the
percentage of such contractors who are subject to foreign
ownership, control, or influence.
`(4) Statistics on the number of violations identified,
enforcement actions taken, and the percentage of such
violations occurring at facilities of contractors subject to
foreign ownership, control, or influence.
`(5) An assessment of whether major contractors implementing
the program have adequate enforcement programs and have
trained their employees adequately in the requirements of the
program.
`(6) Trend data on attempts to compromise classified
information disclosed to contractors of the Department of
Defense to the extent that such data are available.'.
(2) CLERICAL AMENDMENT- The table of sections at the beginning
of subchapter I of chapter 21 of title 10, United States Code,
is amended by adding at the end the following new item:
`438. Defense industrial security.'.
(b)
Submission of First Biennial Report- Notwithstanding the
deadline in subsection (f) of section 438 of title 10, United
States Code, as added by this section, the first biennial report
submitted after the date of the enactment of this Act pursuant
to such subsection shall be submitted not later than September
1, 2009, and shall address the period from the date of the
enactment of this Act to the issuance of such report.
(c) Report on Improving Industrial Security- Not later than
March 1, 2009, the Secretary of Defense shall submit to the
congressional defense committees a report on improving
industrial security, including, at a minimum, the following:
(1)
The actions taken or actions planned to implement the
recommendations of the Comptroller General as embodied in the
report entitled `Industrial Security: DOD Cannot Ensure Its
Oversight of Contractors Under Foreign Influence Is
Sufficient' (GAO-05-681; July 2005).
(2) Other actions taken or action planned to improve
industrial security.
(3) An analysis of the impact of emerging financial
arrangements such as sovereign wealth funds, hedge funds, and
other new financial debt and credit arrangements on the
Department's ability to identify and mitigate foreign
ownership, control, or influence.
(4) Any recommendations of the Secretary for modifying
regulations and policy guidance prescribed pursuant to section
438(d) of title 10, United States Code, or other regulations
or policy guidance addressing industrial security, to extend
best practices for industrial security across the broadest
possible range of defense contractors, and to improve
industrial security generally.
|
|
