Company Overview – March 12, 2015
ITAR / EAR Security Briefing Company Overview March 12, 2015
Company Overview – March 12, 2015 ITAR, EAR Controlled Technology and Security Briefing
ITAR & EAR Training For Employees Working with ITAR & EAR Controlled Technology
INTRODUCTION
Export Administration Regulations
International Traffic in Arms Regulations
Cumbernauld, Scotland
NATIONAL SECURITY
Something of Value… Country Job Freedom Family
TYPES OF NATIONAL SECURITY INFORMATION
Unclassified Sensitive Information
SECRET
CONFIDENTIAL
TOP SECRET
RESTRICTED FOR OFFICIAL USE ONLY NATO CNWDI COMSEC
TWO LISTS GOVERNING EXPORTS
USML: US Munitions List
Administered by the Department of State with concurrence of the Department of Defense
Defense Articles and Defense Services items controlled under the ITAR
Items controlled under USML (categories I-XXI)
CCL: Commerce Control List
Administered by the Department of Commerce under the Bureau of Industry and Security
Commercial items controlled for export under the EAR
Items controlled by ECCN (numeric, alpha, numeric numbers, e.g. 3A001, 5A991, 3A611.y)
ITAR SECURITY BRIEFING
What is ITAR?
Procedures for processing ITAR orders & handling technical data
Reporting obligations and requirements
ITAR IS…
International Traffic in Arms Regulations (ITAR) controls defense articles, defense services, and related technical data, including most non-sporting weapons
Protecting ITAR Information to protect the War Fighter
Regulated by the Department of State Directorate of Defense Trade Controls (DDTC)
Ensures Arms and Protected Technology do not fall into the wrong hands
WHO IS A U.S. PERSON?
US citizen
Permanent resident with a “green card”
Designated an asylee or refugee
A temporary resident under amnesty provisions
Entity incorporated to do business in the U.S.
* but the company itself may have foreign person employees
Under ITAR 22 CFR § 120.15
= U.S. PERSON
WHO IS A FOREIGN PERSON
A “Foreign Person” is:
Not a U.S. citizen, permanent resident, or protected person (political asylee)
Definition of “person” includes corporations and other business associations, as well as natural persons
Why is this important?
Deemed Exports
Physical or electronic access to technical data by foreign national in the U.S.
Oral exchanges of information in the U.S.
Visual inspection by foreign national of U.S.-origin equipment and manufacturing operations
Observations by foreign persons of application to situations of personal knowledge or technical experience
I-129 Forms
Under ITAR 22 CFR § 120.16
WHAT IS “TECHNICAL DATA”?
Information required to design, develop, produce, manufacture, assemble, operate, repair, test, maintain or modify defense articles, e.g.:
- Blue prints
- Drawings
- Photographs
- Instructions
- Plans
- Documentation
Classified information relating to defense articles and defense services on the USML and 600 series items controlled by the Commerce Control List
Information covered by an Invention Secrecy Order
Software directly related to a defense article
120.45(f): Software includes but is not limited to the system functional design, logic flow, algorithms, application programs, operating systems, and support software for design, implementation, test, operation, diagnosis and repair
But does not include information in the public domain
Under ITAR 22 CFR § 120.10
TECHNOLOGY TARGETS
Electronic Systems and Subsystems
Integrated Circuits
Radar Electronics
Guidance & Navigation Electronics
Collection Methods
Phishing Requests
Screen Photos with Cell Phone
Image Drives in Conference Room
Stealing Data on Laptop in Hotel Room
ITAR COMPLIANCE TIMELINE
Corporate Systems Transition
Network Bridge Server Upgrade Cameras Badge Readers Badge Upgrade Molex Email Accounts & Intranet Upgrade ITAR Technical Data Security Training Physical Security Training Watch Dox Training Veronis Training Universal PDM Tool Training
ITAR Training Requirements
WHO RECEIVES ITAR TECHNICAL DATA ACCESS?
PERMISSION
Administrative action, usually involving a USA Person check and permission granting by your supervisor
NEED TO KNOW
Duties and projects that require you to work with ITAR sensitive material
+ =
ITAR DATA SECURITY PRACTICES
Vigilance
Security Awareness Training
Formal
Impromptu
Standard Procedures
Working with
Transmitting (Can’t be emailed as it is stored in the Cloud)
Securing
WHAT IS EAR?
Export Administration Regulations
Administered by The Department of Commerce
In essence, the EAR control any item warranting control that is not exclusively controlled for export, reexport, or transfer (in-country) by another agency of the U.S. Government or otherwise excluded from being subject to the EAR pursuant to Sec. 734.3(b) of the EAR.
Controls Dual-use items*
* A "dual-use" item is one that has civil applications as well as terrorism and military or weapons of mass destruction (WMD)-related applications
WHAT IS CONTROLLED TECHNOLOGY UNDER THE EAR?
The US Export Administration Regulations define technology under the EAR §772 as:
“Technology” – is specific information necessary for the “development,” “production,” or “use” of a product. The information takes the form of “technical data” or “technical assistance.”
“Technical assistance” may take forms such as instruction, skills training, working knowledge, consulting services.
“Technical data” may take forms such as blueprints, plans, diagrams, models, formulae, tables, engineering designs and specifications, manuals and instructions written or recorded on other media or devices such as disk, tape, read-only memories.
Under the Export Administration Regulations, the release of controlled technology to a foreign person is informally referred to as a Deemed Export. Release of controlled technology to foreign persons in the U.S. is "deemed" to be an export to the person’s country or countries of nationality
DEEMED EXPORT UNDER THE EAR
Technology is "released" for export when it is available to foreign nationals for visual inspection (such as reading technical specifications, plans, blueprints, etc.); when technology is exchanged orally or electronically; or when technology is made available by practice or application under the guidance of persons with knowledge of the technology
HOW DO I MANAGE CONTROLLED TECHNOLOGY?
TRAINING-AWARENESS
PROPER IDENTIFICATION/CLASSIFICATION
- Determine jurisdiction: subject to the ITAR or EAR?
TECHNOLOGY CONTROL PLAN (TCP)
Develop and implement Technology Control Plan
Company wide, project specific, or employee specific?
CONTRACT CLAUSES
- Include robust export compliance clause in relevant contract or obtain compliance certifications
Each party to retain responsibility for compliance with export control and economic sanctions laws
Require parties to provide notice prior to transferring controlled items
SECURITY PROCEDURES AND DUTIES
It is your personal responsibility to know that the person you are dealing with is both properly permissioned and has a need to know
You must never reveal or discuss ITAR, EAR or sensitive/controlled technology information with anyone other than those who are properly permissioned and have a need to know
PROTECTION OF ITAR & EAR INFORMATION:
Make sure a secure screen saver is installed and working (if not, submit a helpdesk request)
Know and use correct email procedures for ITAR & EAR sensitive data transmission
Always ZIP and encrypt ITAR & EAR sensitive data before sending it to customers and vendors
SALES
CURRENT ITAR DATA FOLDER STRUCTURE
ITAR Data Folder Structure: Appendix C X:\ ITAR JOB FILES QUOTES ENGINEERING WIP DEVELOPMENT PROJECTS PROCESS
FUTURE TOOL – RECEIVING/TRANSMITTING ITAR DATA
Use current encryption process
CONTROL OF CUSTOMER DATA POLICY AND PROCEDURE
UNDERSTAND YOUR RESPONSIBILITIES!
Minor Violations MAY Include:
Verbal Counseling
Written Counseling
Suspension/Termination
Major Violations MAY Include:
Same as minor violations
Arrest
Imprisonment or fines
YOU MUST REPORT…
Loss, compromise, (or suspected loss or compromise) of ITAR Sensitive or proprietary information
IF YOU SEE SOMETHING SAY SOMETHING TO YOUR MANAGER
YOU MUST REPORT…
All suspicious contacts with known or suspected intelligence officers from any country, or any contact which suggests the employee may be the target of an attempted exploitation by the intelligence services of another country
REPORT TO YOUR MANAGER
YOU MUST REPORT…
If at any time you are UNSURE about what you can or can’t do
ASK YOUR MANAGER
How can I help?
SUMMARY
Ensure that you are suitably trained to administer the requirements of the ITAR or EAR
Protecting ITAR or EAR Information to Protect the War Fighter
PROTECTION OF ITAR & EAR INFORMATION:
STOP THINK ASK
ITAR & EAR Compliance Questions?
» Joe Bagliere, Compliance & Contract Manager
Office: (805) 383-8490
Email: joe.bagliere@molex.com
THANK YOU!
Contact ISI to engage on your next project:
» Bob Garon, Midwest USA
Cell: (630) 707-0991
Email: bob.garon@molex.com
» Brian Witzen, Eastern USA
Cell: (919) 633-0798
Email: brian.witzen@molex.com
» Dave Gagnon, Western USA
Office: (714) 993-9618
Cell: (714) 261-3733
Email: dave.gagnon@molex.com
Address: 741 Flynn Road / Camarillo, California 93012
Phone: (805) 482-2870
Website: www.ISIPKG.com