NATO Standardization versus U.S. Data Releasability: An Approach to Resolving the Conflict

The report delineates two chains of direction which can conflict in the program office. One chain supports the national policy goal of increasing the effectiveness of NATO by standardizing systems to achieve interoperability. The other chain supports the national policy goal of protecting U.S. security by restricting the transfer of data and technology. These national policies can conflict in a program office if implementing NATO standardization requires release of vital U.S. data. The study describes how to achieve both goals: NATO standardization and protection of U.S. data. How depends on the particular situation, and the particular situation depends on two factors. One factor is the type of data which are involved: threat data, U.S. system capabilities/vulnerabilities, or technology. The other factor is the potential disclosee: NATO government, NATO industry, or non-NATO buying government. These factors can be arranged into a three-by-three matrix which results in nine general data - disclosee cases. For each general case, the report suggests possible strategies for avoiding or minimizing standardizations - releasability conflicts. The mechanisms involve alternate threat models, sanitized system engineering documents, use of Data Exchange Agreements, and the like. Emphasis is placed on early planning for NATO standardization impacts on a program and on adding foreign disclosure specialists and administrative security personnel to the program management team. (Author)