itar ear security briefing
play

ITAR / EAR Security Briefing Company Overview March 12, 2015 - PowerPoint PPT Presentation

ITAR / EAR Security Briefing Company Overview March 12, 2015 INTRODUCTION ITAR & EAR Training For Employees Working with ITAR &EAR Controlled Technology I nternational E xport T raffic in A dministration A rms R egulations R


  1. ITAR / EAR Security Briefing Company Overview – March 12, 2015

  2. INTRODUCTION ITAR & EAR Training For Employees Working with ITAR &EAR Controlled Technology I nternational E xport T raffic in A dministration A rms R egulations R egulations Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  3. NATIONAL SECURITY Something of Value… Country Job Family Freedom Cumbernauld, Scotland Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  4. TYPES OF NATIONAL SECURITY INFORMATION Unclassified Sensitive Information TOP SECRET SECRET CNWDI CONFIDENTIAL RESTRICTED FOR OFFICIAL USE COMSEC ONLY NATO Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  5. TWO LISTS GOVERNING EXPORTS USML: US Munitions List Administered by the Department of State with concurrence of the Department of Defense  Defense Articles and Defense Services items controlled under the ITAR  Items controlled under USML (categories I-XXI)  CCL: Commerce Control List Administered by the Department of Commerce under the Bureau of Industry and Security  Commercial items controlled for export under the EAR  Items controlled by ECCN (numeric, alpha, numeric numbers – i.e. example:  3A001,5A991,3A611.y Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  6. ITAR SECURITY BRIEFING What is ITAR?  Procedures for processing ITAR orders & handling technical data  Reporting obligations and requirements  Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  7. ITAR IS… International T raffic and Arms (ITAR) controls defense  articles, defense services, and related technical data, including most non-sporting weapons Protecting ITAR Information to protect the War Fighter  Regulated by the Department of State Directorate of  Defense T rade Controls(DDTC) Insures Arms and Protected T echnology does not fall into  the wrong hands Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  8. WHO IS A U.S. PERSON? Under ITAR 22 CFR § 120.15 US citizen  Permanent resident with a “green card”  Designated an asylee or refugee  = U.S. PERSON A temporary resident under amnesty provisions  Entity incorporated to do business in the U.S.  * but the company itself may have foreign persons employees Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  9. WHO IS A FOREIGN PERSON Under ITAR 22 CFR § 120.16 A “Foreign Person” is: Not a U.S. citizen, permanent resident, or protected person (political asylee)  Definition of “person” includes corporations and other business associations, as well as natural  persons Why is this important? Deemed Exports  Physical or electronic access to technical data by foreign national in the U.S.  Oral exchanges of information in the U.S.  Visual inspection by foreign national of U.S.-origin equipment and manufacturing operations  Observations by foreign persons of application to situations of personal knowledge or technical experience  I-129 Forms  Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  10. WHAT IS “TECHNICAL DATA”? Under ITAR 22 CFR § 120.10 Information required to design, develop, produce, manufacture,  assemble, operate, repair , test, maintain or modify defense articles, e.g.: - Blue prints - Drawings - Photographs - Instructions - Plans - Documentation Classified information relating to defense articles and defense services on the  USML and 600 series items controlled by the Commerce Control List Information covered by an Invention Secrecy Order  Software directly related to a defense article  120.45(f)Software includes but is not limited to the system functional design, logic flow, algorithms, application programs, operating systems, and support software for design, implementation, test, operation, diagnosis and repair But does not include information in the public domain  Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  11. TECHNOLOGY TARGETS Electronic Systems and Subsystems  Integrated Circuits  Radar Electronics  Guidance & Navigation Electronics  Collection Methods Phishing Requests  Screen Photos with Cell Phone  Image Drives in Conference Room  Stealing Data on Laptop in Hotel Room  Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  12. ITAR COMPLIANCE TIMELINE Corporate Systems Transition Network Cameras Molex Email Bridge Badge Readers Accounts Server Badge & Upgrade Upgrade Intranet Upgrade ITAR Training Requirements ITAR Technical Data Security Physical Training Security Training Watch Dox Training Veronis Training Universal PDM Tool Training Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  13. WHO RECEIVES ITAR TECHNICAL DATA ACCESS? PERMISSION Administrative action, usually involving a USA Person check and permission granting by your supervisor + = NEED TO KNOW Duties and projects that require you to work with ITAR sensitive material Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  14. ITAR DATA SECURITY PRACTICES  Vigilance Security Awareness   Training Formal  Impromptu   Standard Procedures Working with  T ransmitting (Can’t be emailed as it is stored in the Cloud)  Securing  Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  15. WHAT IS EAR?  Export Administration Regulations  Administered by The Department of Commerce  In essence, the EAR control any item warranting control that is not exclusively controlled for export, reexport, or transfer (in-country) by another agency of the U.S. Government or otherwise excluded from being subject to the EAR pursuant to Sec. 734.3(b) of the EAR.  Controls Dual-use items* * dual-use" item is one that has civil applications as well as terrorism and military or weapons of mass destruction (WMD)-related applications Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  16. WHAT IS CONTROLLED TECHNOLOGY UNDER THE EAR? The US Export Administration Regulations define technology under  the EAR §772 as: “T echnology” – is specific information necessary for the “development,”  “production,” or “use” of a product. The information takes the form of “technical data” or “technical assistance.” “T echnical assistance” may take forms such as instruction, skills training,  working knowledge, consulting services. “T echnical data” may take forms such as blueprints, plans, diagrams,  models, formulae, tables, engineering designs and specifications, manuals and instructions written or recorded on other media or devices such as disk, tape, read-only memories. Under the Export Administration the releasing of controlled technology to a foreign person is informally referred to as a Deemed Export. Release of controlled technology to foreign persons in the U.S. are "deemed" to be an export to the person’s country or countries of nationality Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  17. DEEMED EXPORT UNDER THE EAR  T echnology is "released" for export when it is available to foreign nationals for visual inspection (such as reading technical specifications, plans, blueprints, etc.); when technology is exchanged orally or electronically or when technology is made available by practice or application under the guidance of persons with knowledge of the technology Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  18. HOW DO I MANAGE CONTROLLED TECHNOLOGY? TRAINING-AWARENESS  PROPER IDENTIFICATION/CLASSIFICATION  - Determine jurisdiction -subject to the ITAR or EAR? TECHNOLOGY CONTROL PLAN (TCP)  Develop and implement T echnology Control Plan Company wide, project specific, or employee specific?  CONTRACT CLAUSES - Include robust export compliance clause in  relevant contract or obtain compliance certifications Each party to retain responsibility for compliance with export control and  economic sanctions laws Require parties to provide notice prior to transferring controlled items  Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  19. SECURITY PROCEDURES AND DUTIES It is your personal responsibility to know that the person you are dealing with is both properly permissioned and has a need to know You must never reveal or discuss ITAR ,EAR or Sensitive/controlled technology information with anyone other than those that are properly permissioned and have a need to know Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

  20. PROTECTION OF ITAR & EAR INFORMATION: Always use ZIP and encrypting before sending ITAR & EAR sensitive Make sure secure data to customers and vendors Screen Saver installed and working (if not submit helpdesk request) Know and use correct email procedures for ITAR &EAR sensitive data transmission Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing

Recommend


More recommend