
Technology Security & Foreign Disclosure (TSFD) and Export Control (EC)

Technology Security & Foreign Disclosure (TSFD) and Export Control (EC) Defense Services Considerations. Frank Kenlon, Prof of Int’l Acquisition (Intermittent), DAU/DSMC-Int’l. January 22, 2016. International Acquisition & Exportability (IA&E). Defense Services Considerations.


Presentation Transcript


  1. Technology Security & Foreign Disclosure (TSFD) and Export Control (EC) Defense Services Considerations Frank Kenlon Prof of Int’l Acquisition (Intermittent) DAU/DSMC-Int’l January 22, 2016

  2. International Acquisition & Exportability (IA&E) Defense Services Considerations DoD IA&E Competencies International Cooperative Programs Sales & Transfers • TSFD and Export Control Basics • Key Takeaways • Info Technology (IT) Basics • Key Takeaways • Background Info • Technology Security & Foreign Disclosure (TSFD) • Export Control Technology Security & Foreign Disclosure (TSFD) & Export Control Defense Exportability

  3. TSFD Basics Fundamental Security Considerations Access Protection + Release Conditions • Not transfer or use for other purposes without U.S. consent • Provide substantially the same degree of protection as U.S. Type of Authorizations Disclosure Authorizations Foreign Visits TSFD

  4. Export Control Basics Fundamental Considerations Technology Sensitivity Recipient Destination Foreign Policy Country of Origin Key Principles • Control U.S.-origin sensitive technology & equipment • Promote regional stability • Human rights • Prevent proliferation to problem end-users and international terrorists • Comply with international arms control and technology transfer commitments Type of Authorizations State Commerce Other

  5. Shipment to Foreign Destinations (Including Canada) Shipment to Foreign Entities in U.S. (e.g., Embassies) Foreign Travel Hand-carry Technical Services Electronic Transmission Symposia Presentations Published Articles Export Control Examples • Computer Networks (Internet, Intranet, Web Sites) … Laptops • Conversation • Business Meetings • International Mail • Telephone Conversations • Foreign Visitors: Facility Tours Meetings • Foreign Employees • Trade Shows (U.S. & Overseas) Red = IT-specific areas

  6. Export Control vs TSFD Processes INDUSTRY Defense Industry Familiar with Export Control Processes STATE DTSA MIL SERVICES Up to 120 days 1-2 years TSFD (Disclosure Policy) Processes Not as Well Understood by Defense Industry Start USG/DoD TSFD Approvals Should Precede Export License Submission

  7. Key Takeaways – Defense Services Technology Security and Foreign Disclosure (TSFD) • DoD contracting organizations are responsible for USG/DoD TSFD compliance • Program Management Office (PMO) (or equivalent) has access to specific TSFD policy guidance pertaining to contracted defense service task(s) • When needed, defense service contractors should seek TSFD policy guidance insights from PMO via Contracting Officer (CO) in accordance with contract provisions Export Control (EC) • DoD contractors are responsible for EC compliance -- not the DoD contracting org! • Large defense companies are usually familiar with ITAR and EAR requirements – medium to small companies often are not • DoD contractor tech support (CTS) company employees are not considered “Gov’t” • DoD CTS companies must register as ITAR exporters and comply with ITAR (and, if applicable, EAR) approvals based on pertinent USG/DoD TSFD policy guidance

  8. IT Protection – Information Categories Governed by National Industrial Security Program Operating Manual (NISPOM) and Contract DD 254 Information originated by or for the DoD or its agencies or is under its jurisdiction or control; and that requires protection in the interests of national security Classified Military Information (CMI) Unclassified information that requires safeguarding or dissemination controls, pursuant to and consistent with applicable law, regulations and Government-wide policies Controlled Unclassified Information (CUI) CUI network access by Foreign Nationals often poses significant IT challenges due to the wide variation in TSFD disclosure and CUI protection policies across the USG and DoD Information provided to the USG by a foreign government (s) or international organization or produced jointly with expectation that information, the source, or both are to be held in confidence Foreign Government Information (FGI) DoDM 5200.01 Vol 1-4; DoD Information Security Program

  9. Key Takeaways – IT Defense Services Foreign National Access to DoD Networks • DoD contracting organizations are responsible for USG/DoD TSFD compliance regarding access to DoD classified and CUI networks by foreign nationals • DoD PMO (or equivalent) has access to specific TSFD policy guidance for foreign nationals pertaining to specific contracted defense service network management/technical tasks • Defense service network management/technical contractors should seek TSFD policy guidance regarding access by foreign nationals to DoD networks from PMO via Contracting Officer (CO) in accordance with contract provisions Foreign National Access to Contractor Networks • DoD contractors are responsible for EC compliance -- not DoD contracting organizations! • DoD contractors should comply with applicable NISPOM, DD 254, and FAR/DFARS-based provisions in their DoD contracts (if questions, consult the Contracting Officer) -- see TSFD/EC and IT Resources chart

  10. TSFD/EC & IT Resources DAU Continuous Learning Course: • CLC 048 “Export Controls” http://icatalog.dau.mil/onlinecatalog/courses.aspx?crs_id=2040 DAU Acquisition Community Connection (ACC): • TSFD and Export Control ‘folder’ https://acc.dau.mil/CommunityBrowser.aspx?id=467062&lang=en-US • ACQ 130 Knowledge Repository ‘folder’ https://acc.dau.mil/CommunityBrowser.aspx?id=642231&lang=en-US Industrial Security: • National Industrial Security Program Operating Manual (NISPOM) http://www.nispom.org/NISPOM-download.html • DD Form 254 – Contract Security Classification Specification http://www.dami.army.pentagon.mil/site/IndustSec/DD254.aspx (Dept of Army guidance example)

  11. TSFD/EC & IT Resources (con’t) • Defense Federal Acquisition Regulation Supplement (DFARS): • Subpart 225.79 -- Export Control: http://www.acq.osd.mil/dpap/dars/pgi/pgi_htm/current/PGI225_79.htm • Information Technology: Subpart 204.73 -- Safeguarding Covered Defense Information and Cyber Incident Reporting http://www.acq.osd.mil/dpap/dars/dfars/html/current/204_73.htm Subpart 239.71 -- Security and Privacy for Computer Systems http://www.acq.osd.mil/dpap/dars/dfars/html/current/239_71.htm DFARS Case 2013-D018 -- Network Penetration Reporting and Contracting for Cloud Services https://www.federalregister.gov/articles/2015/08/26/2015-20870/defense-federal-acquisition-regulation-supplement-network-penetration-reporting-and-contracting-for

  12. BACKGROUND INFO

  13. TSFD Key Players & Processes International Interaction • USG-wide Policy • DoD-wide Policy • Top Level TSFD approvals USG/Interagency Nat’l Sec Council Intel Community State Dept Commerce Dept Homeland Sec Dept USD (Policy) USD (AT&L) USD (Intelligence) ASD(NII) USG/OSD/Joint Staff Level • Proposed Policy Changes • Component Policy • Implementation guidance & decisions Military Departments DoD Component Level NIPO SAF/IA DASA(DE&C) & G-2 DoD Agencies: DSCA, DTSA, MDA, DTRA, DISA, etc. AFSAC, AFMC, AETC, etc. USASAC AMC, etc. NETSAFA SYSCOMs, etc. • MAJCOMs • PEOs/PMs • Implementation • Technical Details CoCOM Country Team Level Labs, Warfare Centers, and Many Others

  14. NDP LO/CLO AT USG/DoD TSFD Processes Primary Policy COMSEC MILDEP Processes Primary AT&L SAP Primary DoD Lead: Various AT&L DSC Primary NSA & DoD CIO MTCR MILDEP-specific various Specialized SAPCO NVD/INS Specialized AT&L + Policy Intel Specialized MILDEP Process Policy Data Links/WF Specialized DTSA PNT/GPS Other DoD Processes Specialized USD(I) GEOINT DoD Lead: Various Specialized DoD CIO EW Org.-specific various Specialized DoD CIO Specialized NGA No single process None Few documented processes Interagency process

  15. Export Control Legislation Arms Export Control Act • Authority to promulgate regulations governing commercial exports of defense articles and services was delegated to the Secretary of State • Implemented by the International Traffic in Arms Regulations (ITAR) • Legal basis for the United States Munitions List (USML) – defense articles and services Export Administration Act • Authority to implement given to the Department of Commerce • Implemented by the Export Administration Regulations (EAR) • Legal basis for the Commerce Control List (CCL) – dual-use items, “600 Series” items transferred from USML and “Country Chart”

  16. USG Export Control System Overview • Federal Regulations: • ITAR – Defense Articles and Services • EAR – “Dual Use” Articles and Services + 600 Series items • Key Organizations: • State Department -- Directorate of Defense Trade Controls (DDTC) • Commerce Department – Bureau of Industry and Security (BIS) • DoD – Defense Technology Security Administration (DTSA)

  17. Export Control Planning for Int’l Cooperative Programs (ICPs) • Technology Release Roadmap (TRR) • Prepared if a substantial amount of ICP activity is envisioned • Provides early planning for technology releases to foreign industry • Describes when the critical events regarding TSFD planning and implementation should be addressed • Projection of when U.S. industry export approvals may be required to support initial ICP efforts • TRR sections • Timeline of key projected export approvals against the program acquisition schedule • Definition of the technologies involved in each export approval • List of U.S. contractors (exporters) as well as foreign entities (end users) for each export approval
