export controls and cloud computing complying with itar
play

Export Controls and Cloud Computing: Complying with ITAR, EAR and - PowerPoint PPT Presentation

Jun 27, 2023 •254 likes •747 views

Presenting a live 90-minute webinar with interactive Q&A Export Controls and Cloud Computing: Complying with ITAR, EAR and Sanctions Laws WEDNES DAY, APRIL 23, 2014 1pm East ern | 12pm Cent ral | 11am Mount ain | 10am

  1. Presenting a live 90-minute webinar with interactive Q&A Export Controls and Cloud Computing: Complying with ITAR, EAR and Sanctions Laws WEDNES DAY, APRIL 23, 2014 1pm East ern | 12pm Cent ral | 11am Mount ain | 10am Pacific Today’s faculty features: Hilary L. Hageman, Vice President & Deputy General Counsel, CACI International , Arlington, Va. Thaddeus R. McBride, Partner, Sheppard Mullin Richter & Hampton , Washington, D.C. Laura Tomarchio, Director, Trade Compliance, Symantec , Mountain View, Calif. Martina de la Torre, S r. Manager, Global Trade Compliance, Symantec , Mountain View, Calif. The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10 .

  2. Tips for Optimal Quality FOR LIVE EVENT ONLY S ound Qualit y If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory, you may listen via the phone: dial 1-888-601-3873 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail sound@ straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Qualit y To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

  3. Continuing Education Credits FOR LIVE EVENT ONLY For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps: • In the chat box, type (1) your company name and (2) the number of attendees at your location • Click the word balloon button to send

  4. Cloud Computing and Cybersecurity: Export Compliance Considerations Strafford Publications Webinar April 23, 2014

  5. 5 Agenda • Introduction • Cloud Computing and Export Controls • Cybersecurity Developments and Cloud Export Compliance • Compliance Challenges / Best Practices

  6. 6 Overview Cloud Computing and Export Controls

  7. 7 What is Cloud Computing? • 4 basic types ▫ Public : Provided by service provider to general public ▫ Com m unity : Shared by organizations from a specific community ▫ Private : Provided for a single organization, hosted / managed internally or externally ▫ Hybrid : Combined deployment of one or more types

  8. 8 Increasing Cloud Usage • U.S. government budget cutting and cost reduction initiatives • U.S. government “Cloud First” policy • Cost-savings and efficiencies driven by market

  9. 9 Export Controls • Export controls apply to the export, sharing or transfer of software and/ or technology (technical information) for the developm ent, production or use of export controlled items • Intangible transfers of controlled software and technology via electronic means may require an export authorization

  10. 10 Types of Technology • Development Technology ▫ Related to all phases prior to serial production ▫ e.g. , design, assembly and testing of prototypes, pilot production schemes, process of transforming design data into a product • Production Technology ▫ Related to all production phases ▫ e.g. , construction, production engineering, manufacture, integration, assembly (mounting), inspection, testing, quality assurance • Use technology ▫ Operation, installation (including on-site installation), maintenance (checking), repair, overhaul, and refurbishing

  11. 11 Examples of Exports • Storing controlled technology / data on cloud servers located in China • Encrypted email containing ITAR-controlled data routed through server in Calcutta • U.S. project hosted by defense contractor on cloud allowing access by non-U.S. employees • Hosting and using clouds without observing requisite IT security standard of care

  12. 12 Regulatory Guidance • Department of Commerce has published two Advisory Opinions ▫ Focus on responsibilities for cloud service providers ▫ The Opinions do not specifically address responsibilities of cloud service users

  13. 13 Commerce Guidance (cont.) Guid a nce K ey Points Advisory • Cloud provider not considered “exporter” when user Opinion of exports data on the cloud 13 Jan 2009 • Provision of computational capacity not subject to EAR, but software provided to enable use may be subject to the EAR • Cloud providers remain subject to restrictions on knowingly supporting WMD / missile-related activities • Prohibition on access to computers / software under License Exception APP by nationals of Cuba, Iran, North Korea, Sudan and Syria does not apply if individual system access cannot be distinguished in the cloud • Cloud providers not required to inquire about nationality of users

  14. 14 Commerce Guidance (cont.) Guid a nce K ey Point • Cloud providers not required to obtain “deemed Advisory Opinion of 11 January 2011 export” licenses for non-U.S. IT administrators servicing / maintaining cloud computing systems

  15. 15 Perilous ITAR Landscape • Cloud not specifically addressed in law and regulations • No official guidance from DDTC ▫ No distinction between users and providers ▫ Strict liability ▫ Adherence to traditional rules • Rapidly evolving IT security “standard[s] of care” enhance ambiguities

  16. 16 DTAG White Paper • May 2013 White Paper from Defense Trade Advisory Group (DTAG) ▫ Addresses issues posed by / possible solutions to issue of “exporting” data to a number of different servers for storage purposes ▫ Proposed solution: encryption of materials stored in a cloud through a cipher text ▫ Per DTAG, this is not an “export” unless the encrypted text and encryption key allowing text to be viewed in legible format were sent outside United States

  17. 17 DTAG Paper (cont’ d) • Very practical guidance but … • … no indication DDTC intends to accept these suggestions

  18. 18 Economic S anctions • Approximately 25 different U.S. sanctions regulations • Regulator: U.S. Treasury Department, Office of Foreign Assets Control (OFAC) • Jurisdiction over all U.S. persons • Includes all persons in United States • In case of Cuba and Iran, includes non- U.S. entities owned / controlled by a U.S. person

  19. 19 S anctions - Types • Comprehensive • Cuba, Iran, [North Korea], Sudan, Syria • Selective • Belarus, Russia , Myanmar (Burma), Zimbabwe • Programmatic • Narcotics Traffickers, Terrorists, Weapons Proliferators

  20. 20 Export of S ervices • Prohibition on direct and indirect provision of services to sanctions targets • Providing service anywhere may be prohibited if benefit of service is received by sanctioned party or in sanctioned country ▫ For example:  providing cloud computing services to a Syrian national SDN resident in London  repairing a private cloud server used by the national government of Belarus

  21. 21 Facilitation • U.S. persons are prohibited from facilitating action that would be prohibited if performed by a U.S. person • Broadly defined – covers virtually any assistance of a prohibited transaction • Exam ple : Cannot facilitate technology transfers for a non-U.S. company related to its business in Iran

  22. 22 Liability IMPORTANT POINT: There can be liability for any person, regardless of nationality, who causes a violation

  23. 23 Recent Cybersecurity Developments and Cloud Export Compliance

  24. 24 Recent U.S . Cybersecurity Efforts • DoD / GSA Joint Working Group on Improving Cybersecurity and Resilience through Acquisition • Defense Federal Acquisition Regulation Supplement: Safeguarding Unclassified Controlled Technical Information (DFARS Case 2011–D039) • NIST Framework for Improving Critical Infrastructure Cybersecurity

  25. 25 DoD & GS A Working Group Final Report of the Joint Working Group on Im proving Cybersecurity and Resilience through Acquisition ▫ Released January 23, 2014 by GSA and DoD ▫ Specific acquisition strategy recommendations

  26. 26 DFARS • Unclassified Controlled Technical Inform ation and Cyber Incident Reporting ▫ Wide-ranging changes to DoD Contracts & Subcontracts ▫ Requires government contractors to “provide adequate security” for technology systems “that m ay have unclassified controlled technical information [UCTI] resident on or transiting through.. .” (48 C.F.R. §§ 252.204- 7012(b)(1))  Likely applicable to a contractor’s entire network

  27. 27 Controlled Technical Information • Controlled technical inform ation “means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination.” (48 C.F.R. § 252.204-7301)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Export Controls and Cloud Computing: Complying with ITAR, EAR and Sanctions Laws TUESDAY, MAY 10,

Export Controls and Cloud Computing: Complying with ITAR, EAR and Sanctions Laws TUESDAY, MAY 10,

Presenting a live 90-minute webinar with interactive Q&A Export Controls and Cloud Computing: Complying with ITAR, EAR and Sanctions Laws TUESDAY, MAY 10, 2016 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

360 views • 33 slides
Export Controls and Cloud Computing: Legal Risks Complying with ITAR, EAR and Sanctions Laws When

Export Controls and Cloud Computing: Legal Risks Complying with ITAR, EAR and Sanctions Laws When

Presenting a live 90-minute webinar with interactive Q&A Export Controls and Cloud Computing: Legal Risks Complying with ITAR, EAR and Sanctions Laws When Using Cloud Storage and Services TUESDAY, APRIL 2, 2013 1pm Eastern | 12pm

461 views • 42 slides
Complying with ITAR Requirements Amid Increased Enforcement Identifying Risks, Implementing an

Complying with ITAR Requirements Amid Increased Enforcement Identifying Risks, Implementing an

Presenting a live 90-minute webinar with interactive Q&A Complying with ITAR Requirements Amid Increased Enforcement Identifying Risks, Implementing an Effective Compliance Strategy, and Avoiding Inadvertent Violations WEDNESDAY, FEBRUARY

840 views • 44 slides
Cyber Security and Export Controls: You Need to Know More Than You Already Do AnnaLisa

Cyber Security and Export Controls: You Need to Know More Than You Already Do AnnaLisa

Cyber Security and Export Controls: You Need to Know More Than You Already Do AnnaLisa Nash Export Control Officer, NDSU Why Should You Care About Export Controls? so you can avoid HERE. When Should You Care? NOW. U.S. export

758 views • 65 slides
S.P.A.C.E. Export Compliance Awareness S.P.A.C.E. Training Session 5- Export Controls Robert

S.P.A.C.E. Export Compliance Awareness S.P.A.C.E. Training Session 5- Export Controls Robert

S.P.A.C.E. Export Compliance Awareness S.P.A.C.E. Training Session 5- Export Controls Robert Phillips Rutgers Export Compliance Officer 11/20/2018 Objectives Create open dialogue on Export control law awareness with Rutgers University

795 views • 33 slides
Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
ITAR / EAR Security Briefing Company Overview March 12, 2015 INTRODUCTION ITAR & EAR

ITAR / EAR Security Briefing Company Overview March 12, 2015 INTRODUCTION ITAR & EAR

ITAR / EAR Security Briefing Company Overview March 12, 2015 INTRODUCTION ITAR & EAR Training For Employees Working with ITAR &EAR Controlled Technology I nternational E xport T raffic in A dministration A rms R egulations R

666 views • 31 slides
US Export Control Reforms One Year On! Warren Bayliss, Head of Export Controls, Defence

US Export Control Reforms One Year On! Warren Bayliss, Head of Export Controls, Defence

US Export Control Reforms One Year On! Warren Bayliss, Head of Export Controls, Defence Aerospace. Trusted to deliver excellence Rolls-Royce data strictly private 1 The journey we have travelled Absorbed Faced reality of reforms &

415 views • 7 slides
Electronic Export Controls Recordkeeping Process for Academic Visitors (for Humanities and Social

Electronic Export Controls Recordkeeping Process for Academic Visitors (for Humanities and Social

Electronic Export Controls Recordkeeping Process for Academic Visitors (for Humanities and Social Sciences) Office of Export Controls Services March 2018 Visitor Information Data Entry Procedures Humanities and Social Sciences Humanities and

490 views • 36 slides
The MNM-CloudLab -- Ideas, Concepts & Implemenation 17.7. 22.7. 2011 Nils gentschen Felde

The MNM-CloudLab -- Ideas, Concepts & Implemenation 17.7. 22.7. 2011 Nils gentschen Felde

DEUTSCH-FRANZSISCHE SOMMERUNIVERSITT UNIVERSIT DT FRANCO-ALLEMANDE FR NACHWUCHSWISSENSCHAFTLER 2011 POUR JEUNES CHERCHEURS 2011 CLOUD COMPUTING : CLOUD COMPUTING : CLOUD COMPUTING : CLOUD COMPUTING : DFIS ET OPPORTUNITS

965 views • 50 slides
What is the Cloud? Simply put, Cloud Computing is the delivery of computing services,

What is the Cloud? Simply put, Cloud Computing is the delivery of computing services,

What is the Cloud? Simply put, Cloud Computing is the delivery of computing services, including Servers, Storage, Databases, Networking, Software, Analytics and Intelligence over the Internet (The Cloud) to offer faster innovation,

338 views • 13 slides
CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial Cloud Computing PRESENTED TO HOUSE COMMITTEE ON GOVERNMENT TRANSPARENCY & OPERATION LEGISLATIVE BUDGET BOARD STAFF April 5, 2016 Statement of

373 views • 8 slides
Electronic Export Controls Recordkeeping Process for Academic Visitors (Data Entry Procedures for

Electronic Export Controls Recordkeeping Process for Academic Visitors (Data Entry Procedures for

Electronic Export Controls Recordkeeping Process for Academic Visitors (Data Entry Procedures for a Brief Visit) Office of Export Controls Services March 2018 Visitor Information Data Entry Procedures Brief Visits Brief Visits A brief

633 views • 36 slides
Electronic Export Controls Recordkeeping Process for Academic Visitors (for STEM-Discipline-Based

Electronic Export Controls Recordkeeping Process for Academic Visitors (for STEM-Discipline-Based

Electronic Export Controls Recordkeeping Process for Academic Visitors (for STEM-Discipline-Based Visitors) Office of Export Controls Services March 2018 Visitor Information Data Entry Procedures STEM-Related Visits STEM-Related Visits STEM

569 views • 42 slides
Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher

Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher

Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher education and research community in general and of an NREN in specific. CLOUD COMPUTING SaaS PaaS STaaS IaaS Utility GRID computing

458 views • 9 slides
Getting Started with Cloud Computing Niels Olof Bouvin 1 Overview What is Cloud Computing?

Getting Started with Cloud Computing Niels Olof Bouvin 1 Overview What is Cloud Computing?

Getting Started with Cloud Computing Niels Olof Bouvin 1 Overview What is Cloud Computing? Hosting Domain names Secure communication 2 The Cloud? Not just marketing-speak for someone elses computer (though it is that too ) Cloud

1k views • 36 slides
ABC: A New Fast Flexible Stream Cipher Vladimir Anashin Andrey Bogdanov* Ilya Kizhvatov

ABC: A New Fast Flexible Stream Cipher Vladimir Anashin Andrey Bogdanov* Ilya Kizhvatov

ABC: A New Fast Flexible Stream Cipher Vladimir Anashin Andrey Bogdanov* Ilya Kizhvatov Russian State University for the Humanities Faculty of Information Security *Partially supported by the Institute for Experimental Mathematics, University

453 views • 19 slides
generations? Steve Babbage Vodafone Distinguished Engineer C1 Unrestricted Who am I?

generations? Steve Babbage Vodafone Distinguished Engineer C1 Unrestricted Who am I?

How can 5G security improve on earlier generations? Steve Babbage Vodafone Distinguished Engineer C1 Unrestricted Who am I? Vodafone Distinguished Engineer Cryptography, security, mathematics Chair of ETSI SAGE Security

494 views • 11 slides
WEMS IT User Group Mark Brodziak: Solutions Architect John McLean: Project Manager Arthur

WEMS IT User Group Mark Brodziak: Solutions Architect John McLean: Project Manager Arthur

WEMS IT User Group Mark Brodziak: Solutions Architect John McLean: Project Manager Arthur Panggabean: Market Support Lead 3 July 2015 AGENDA Schedule for upcoming releases EV certificate and cipher changes WEMS 3.11 Patch 4 WEMS 3.12

635 views • 15 slides
Some Observations on Reusing One-Time Pads within Dice Codings 1 Sebastian Pape, Databases and

Some Observations on Reusing One-Time Pads within Dice Codings 1 Sebastian Pape, Databases and

10. Kryptotag Sebastian Pape Some Observations on Reusing One-Time Pads within Dice Codings 1 Sebastian Pape, Databases and Interactive Systems Research Group Overview Dice Codings Invalid Keys Attacking the Key Pad

312 views • 20 slides
Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones Information Technology Security Location User Messaging Tracking Network * CEO A. Baar Akbay CFO PDM M. Melih H. Hakan Deirmenci Kahraman

371 views • 36 slides
SVD and Cryptograms by Tim Honn & Seth Stone College of the Redwoods

SVD and Cryptograms by Tim Honn & Seth Stone College of the Redwoods

Linear Algebra Fall 2002 1/28 SVD and Cryptograms by Tim Honn & Seth Stone College of the Redwoods Eureka,CA Math dept. email: timhonn@cox.net email: lamentofseth@hotmail.com Introduction Cryptology is

573 views • 28 slides
CIRCUIT COURT CLERK COUNTY MANAGERS PROPOSED FY 2020 BUDGET County Board Work Session March

CIRCUIT COURT CLERK COUNTY MANAGERS PROPOSED FY 2020 BUDGET County Board Work Session March

CIRCUIT COURT CLERK COUNTY MANAGERS PROPOSED FY 2020 BUDGET County Board Work Session March 27, 2019 Providing exceptional customer service through cooperation and teamwork. Department Overview CCT Highlights New STARR Probate System

394 views • 10 slides
United States Court of Appeals for the Federal Circuit 99-1564 KUSTOM SIGNALS, INC.,

United States Court of Appeals for the Federal Circuit 99-1564 KUSTOM SIGNALS, INC.,

United States Court of Appeals for the Federal Circuit 99-1564 KUSTOM SIGNALS, INC., Plaintiff-Appellant, v. APPLIED CONCEPTS, INC. and JOHN L. AKER, Defendants-Appellees. D. A. N. Chase, Chase & Yakimo, L.C., of Overland Park, Kansas,

753 views • 16 slides

More recommend