Upload
candid
View
44
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Export Controls, Classified & Restricted Projects, & the Research Administrator. Operations Security. - PowerPoint PPT Presentation
Citation preview
Export Controls, Classified Export Controls, Classified &&
Restricted Projects, &Restricted Projects, &the Research the Research AdministratorAdministrator
Operations SecurityOperations Security• OPSEC is a process that identifies
critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
Academic FreedomAcademic Freedom
• The freedom to conduct research, teach, speak and publish, subject to the norms and standards of scholarly inquiry, without interference or penalty, wherever the search for truth and understanding may lead.
OSU EnvironmentOSU Environment• International Students & Faculty• Visiting Scholars & Industry
Colleagues• Open Campus• Brilliant Minds• OSU Researchers are contributing
to the defense of our Nation.
OPSEC - What Can You DoOPSEC - What Can You Do
• Participate in Security Education Opportunities
• Be Aware• Be Alert• Report Suspicious Behavior
Classified ResearchClassified Research
Suzette Lavoie, College of Engineering, Architecture, & Technology
True or False?True or False?• Oklahoma State University
Performs Classified Research
FALSEFALSE• Oklahoma State University does NOT
have a Facility Clearance to allow the award of a classified contract
• The majority of U.S. universities decline to accept classified research contracts
• The majority of U.S. universities decline to admit they perform classified research
Responsibility for OSU Responsibility for OSU Classified ResearchClassified Research
• The responsibility for managing classified research at OSU has been assigned to the OSU Center for Innovation and Economic Development (OSU CIED)
OSU Classified ResearchOSU Classified Research• Proposals & Awards that require
access to Classified Information are required to be proposed and awarded through the OSU CIED
• The OSU CIED Facility Clearance Level is Top Secret. The OSU CIED storage capability is Secret.
Identifying Potential Identifying Potential Classified ContractsClassified Contracts
• Title 48-Federal Acquisition Regulations SystemChapter 1-Federal Acquisition RegulationsPart 4-Administrative MattersSubpart 4.4-Safeguarding Classified Information Within Industry
Sec. 4.404 Prescribing Contract clause:
(a)The contracting officer shall insert the clause at (FAR) 52.204-2, Security Requirements, in solicitations and contracts when the contract may require access to classified information…
(b)If a cost contract for research and development with an educational institution is contemplated, the contracting officer shall use the clause with its Alternate I
Contract Negotiation Contract Negotiation Exception to Classified Exception to Classified
ClausesClauses• Please delete• Only applicable when contract
involves access to classified information
• University does not perform classified research
DD254DD254• Department of Defense Contract
Security Classification Specification• FAR Section 4.403 requires a DD254 for all
solicitations and contracts when contractors or prospective contractors may require access to classified information
• Provides to the contractor the security requirements and the classification guidance that would be necessary to perform on the classified contract
DD254 SampleDD254 Sample
Preparing a Proposal for Preparing a Proposal for Classified ResearchClassified Research
• Contact OSU CIED Industrial Security Staff as soon as possible
• Budgetary Costs to Consider• Work Area Renovations maybe Required• Personnel Security Clearance Processing Time
(Currently 18 months for a Top Secret clearance to be obtained)
• Only U.S. Citizens may be granted a Personnel Security Clearance
Performance of Classified Performance of Classified Work, as Consultants to Work, as Consultants to External OrganizationsExternal Organizations
• It is the standard practice for OSU CIED not to provide clearances on behalf of faculty or other personnel who require such clearances solely to satisfy outside consulting obligations to external organizations. In such cases, the Government Agency or private company for which the individual is consulting usually initiates and sponsors the individual’s security clearance.
Performance of Classified Performance of Classified Work, as Consultants to Work, as Consultants to External OrganizationsExternal Organizations
• Cleared Faculty members or staff must be assigned to an active OSU CIED classified contract
• Individual Faculty members or staff may serve on classified projects as consultants to the Federal government, commercial contractors, or other outside organizations. OSU CIED does not keep records of these project, nor monitor them.
Industrial Security Industrial Security DefinitionsDefinitions
• Classified Information• Official information, including foreign classified
information, which requires protection in the interest of national defense and which has been so designated by appropriate authority
• Classified Contract• Any contract that requires or will require access to
classified information by the contractor or his employees in performance of the contract. (A contract may be a classified contract even though the contract document is not classified.)
Industrial Security Industrial Security DefinitionsDefinitions
• Contractor• Any individual, company, corporation or educational
activity that has entered into a security agreement with the government or who has a contract to perform work, services or produce a product for the government or a prime contractor doing business with the government.
• National Industrial Security Program Operating Manual (NISPOM)• This manual implements the National Industrial
Security Program by prescribing the requirements, restrictions and other safeguards to prevent unauthorized disclosure of classified information.
Industrial Security Industrial Security DefinitionsDefinitions
• Facility Security Clearance• An administrative determination that, form a security
viewpoint, a facility is eligible for access to classified information of a certain category (e.g., Confidential, Secret, or Top Secret)
• Personnel Security Clearance• An administrative determination by DOD based on an
individual’s personal history and National Agency Check or background investigation that the individual is eligible, from a security point of view, for access to classified information of the same or lower category as the level of the personnel security clearance begin granted
Industrial Security Industrial Security DefinitionsDefinitions
• Need-to-know• A determination made by the possessor of classified
information that a prospective recipient, in the interest f national defense, has a requirement for access to, knowledge of or possession of the classified information in order to perform tasks or services essential to fulfillment of a classified contract or program approved by a user agency
OSU Classified Research OSU Classified Research ContactsContacts
• Facility Security Officer (FSO)Joseph W. Alexander, President, OSU CIED
• FSO Assistants:Shawna Goodwin, OSU [email protected]
Suzette Lavoie, [email protected]
National Security Decision National Security Decision Directive 189Directive 189
(NSDD 189 - September 21, 1985)(NSDD 189 - September 21, 1985)• It is U.S. policy…that, to the maximum extent possible,
the products of fundamental research remain unrestricted. It is also U.S. policy…that, where the national security requires control, the mechanism for control of information generated during federally-funded research in science, technology & engineering at colleges, universities & laboratories is classification…
• Accordingly, when the government needs to control federally –funded research results, it will classify the information, otherwise the information will remain unrestricted
““Education is the cheap Education is the cheap defense of nations.”defense of nations.”
Edmund Burke (1729-1797)
Suzette LavoieResearch Administration Officer
College of Engineering, Architecture & Technology201 ATRC
Export ControlsExport Controls
Putting the Pieces Together
Jada Bruner Gailey, University Research Services
Reasons for the Reasons for the RegulationsRegulations
• Prevent terrorism• Restrict exports of goods &
technology that could help our enemies
• Restrict exports that could hamper U.S. economic vitality
• Prevent proliferation of weapons of mass destruction
What is EAR?What is EAR?• Export Administration Regulations
15 CFR §§ 700-799.• U.S. Department of Commerce,
Bureau of Industry and Security (BIS)
What is ITAR?What is ITAR?• International Traffic in Arms
Regulations22 CFR §§ 120-130
• U.S. Department of State through the Directorate of Defense Trade Controls (DDTC)
What is OFAC?What is OFAC?• Office of Foreign Assets Control, U.S.
Department of the Treasury• Title 31 U.S. CFR, Chapter V & various
Executive Orders• Trading with the Enemy Act (TWEA), 50 U.S.C. app. §§ 1-
44• International Emergency Economic Powers Act (IEEPA),
50 U.S.C. §§ 1701-06• Antiterrorism & Effective Death Penalty Act, 8 U.S.C.
219, 18 U.S.C. 2332d & 18 U.S.C. 2339b• Foreign Narcotics Kingpin Designation Act, Pub. L No.
106-120, tit. VIII Stat 1606, 1626-1636• Syria Accountability & Lebanese Sovereignty Restoration
Act, Pub. L No. 108-175
What is an export?What is an export?• An export is an actual shipment or
transmission of items, services, or technical data subject to either the EAR or the ITAR out of the U.S., or release of technology, software, or technical data subject to either EAR or ITAR to a foreign national in the U.S.
How is an export made?How is an export made?• Technology, software, or technical
data is “released” for export through:• Visual inspection by foreign national of U.S.
origin equipment and facilities;• Oral exchange of information in the U.S. or
abroad;• Transfer or shipment via any means
(physical or electric) to a foreign entity;• Providing a service, or the application to
situations abroad of personal knowledge or technical experience acquired in the U.S.
What is a “Deemed” What is a “Deemed” export?export?
• Release of technology or source code subject to the EAR to a foreign national in the U.S. is “deemed” to be an export to the home country of the foreign national under the EAR.
What is “technology”?What is “technology”?• Technology is specific information
necessary for the development, production, or use of a Commerce Department product controlled for export. • “Use” is defined as operation, installation
(including on-site installation), maintenance (checking), repair, overhaul and refurbishing.
Subject to EAR?Subject to EAR?• The primary focus of EAR is to control
the export of “dual-use” technologies• All items in the U.S., EXCEPT:
• Publicly available technology & software (excluding encryption)
• Items subject to the exclusive jurisdiction of another Federal Department or Agency
• Literary publications, such as newspapers or literary works (non-technical in nature)
• Information resulting from fundamental research & educational information
Subject to EAR?Subject to EAR?• Items outside the U.S.
• U.S. origin items wherever located• Certain foreign-made items, if:
• The value of the U.S. content exceeds the de minimis percentage
• The foreign-product item is the direct product of U.S. technology or software
• Activities of U.S. and Foreign Persons• Related to proliferation• Prohibited by an order issued under the EAR• Technical assistance with respect to encryption
commodities or software
Subject to the EAR?
(See 734.2-5)
Exit the EAR
NO
Is your item classified under an ECCN on the
CCL?
ECCN EAR99
Do General Prohibitions 4-
10 apply?
Do General Prohibitions 4-
10 apply?
Is there an “X” in the box?
Is a License Exception available?
No License Required
(NLR)
Use License Exception
Submit an application for license
NOYES
NO NO
YES
YES
YES
NO
YES
NO
Is a license needed?Is a license needed?
• What are you exporting?• Where are you exporting?• Who will receive your item?• What will your item be used for?
What are you exporting?What are you exporting?
• Key = does the item you are intending to export have a specific Export Control Classification Number (ECCN)
• All ECCNs are listed in the Commerce Control List (CCL)
http://www.access.gpo.gov/bis/ear/ear_data.html#ccl
EAR99EAR99
• If your item is controlled but not listed on the CCL, it is designated as EAR99.
• EAR99 items generally consist of low-technology consumer goods and do not require a license in many situations.
Where are you exporting?Where are you exporting?
• Restrictions vary from country to country
• The most restricted destinations are embargoed countries (i.e., Cuba, Iran, Libya, North Korea, Sudan, & Syria)
• Is there an “X” in the box?
Who will receive your Who will receive your item?item?
• Certain individuals & organizations are prohibited from receiving U.S. exports
• Others may only receive goods if they have been licensed.
http://www.bis.doc.gov
Is a license required?Is a license required?
• No License Required (NLR)• License Exception• License
Subject to ITAR?Subject to ITAR?• An article or service is deemed to
be inherently military in character• Found on the U.S. Munitions List
(USML)• Not much latitude, few exemptions• Includes:
• Most space related technologies• Technical data related to defense articles &
services
What are defense articles?What are defense articles?
• Any item or technical data on the USML
• The USML is a list of categories of items, defense articles, & related technology designated as defense or military related.
http://www.fas.org/spp/starwars/offdocs/itar/p121.htm
What are defense What are defense services?services?
• This includes furnishing of assistance to foreign persons, whether or not in the U.S., with respect to defense articles, & the furnishing of any technical data associated with a defense article
DifferencesDifferencesEAR
• Covers dual-use items• Regulates items designed
for commercial purposes but that can have military applications
• Covers goods, test equipment, materials, & the technology & software
• Differs on “ordinarily publishable vs. published
• Not as many license restrictions to certain countries
• More exemptions available
ITAR• Covers military items• Will deny a license for
exports/sales of defense services or articles to certain countries
• Research must already be published
• Stricter proprietary review concerns
• Has exemption for foreign nationals if full-time regular employee of a university
• Prepublication review/ approval invalidates the fundamental research exemption
Key Issues for UniversitiesKey Issues for Universities
• Public Domain• Information should be published & generally
available to the public• Through sales at bookstands & stores• Through subscriptions available without restrictions• At libraries open or available to the public• Through patents• Through unlimited distribution at conference,
seminar, trade show, generally accessible to the public
• Includes technology & software that are educational & released by instruction in catalog courses & associated labs & universities
Key Issues for UniversitiesKey Issues for Universities
• Deemed Exports• Information released to a foreign national in
the U.S.• Tours of laboratories• Foreign students or professors conducting research• Hosting foreign scientists• E-mails, visual inspections, oral exchanges
• Unless the fundamental research exclusion applies, a university’s transfer of controlled technology to a non-permanent resident foreign national may require a license &/or be prohibited
Key Issues for UniversitiesKey Issues for Universities
• Technology Control Plans• Ensures that controlled technology is
secured from use and observation by unlicensed non-U.S. citizens
• Outlines the procedures to be taken to handle and safeguard controlled technology
• Project Director/Principal Investigator is responsible for developing a written TCP
Key Issues for UniversitiesKey Issues for Universities
• Fundamental Research Exclusion• Fundamental research means basic &
applied research in science & engineering, the results of which ordinarily are published & shared broadly within the scientific community. Distinguished from proprietary research & from industrial development, design, production & product utilization, the results of which ordinarily are restricted for proprietary or national security reasons
Key Issues for UniversitiesKey Issues for Universities
• Fundamental Research Exclusion• The products of fundamental research should
remain unrestricted, to the extent possible• Research conducted at a university will
normally be considered fundamental research• University based research is NOT considered
fundamental research if the university or its researchers accept restrictions on the publication of the results of the project
• Information/Results are in the public domain
Key Issues for UniversitiesKey Issues for Universities
• Foreign Travel• Taking equipment, laptops, PDS, etc. out of
the country may require a license• Tools of the Trade Exception
• OFAC may have restrictions• OFAC, Department of Commerce & State, as
well as other governmental agencies, have denied entities/persons lists that need to be checked
Key Issues for UniversitiesKey Issues for Universities
• Shipping outside the U.S.• Shipping equipment, technology, software,
computers, goods outside the U.S. may require a license (Tools of the Trade Exception)
• Be aware of regulations at the time of purchase
• OSU requires name & address notification on Quotes &/or Requisitions
• P-card purchases a problem if item is to be shipped outside the U.S.
Key Issues for UniversitiesKey Issues for Universities
• Vendor Payments• Payment to entities/persons on denied lists
could result in fines• Can include payments to entities in the U.S. or
abroad• Payment to foreign entity should raise a red flag
Key Issues for UniversitiesKey Issues for Universities
• Equipment & Software• “Use” of controlled equipment by a foreign
national may require a license even if Fundamental Research exclusion is applicable
• Software that is provided to the public for free may not require licenses, but proprietary software of controlled technology could
• Encryption technology could require licenses or be prohibited for transfer to certain foreign nationals/countries
Cost of NoncomplianceCost of Noncompliance• EAR
• Criminal: $50K to $1 million or 5 times value of export, whichever is greater, per violation, 10 years imprisonment
• Civil: revocation of exporting privilege, fines $10K to $120K per violation
• Bass-Pro - $510K for shipping guns without a license
• Dr. Thomas Butler, Texas Tech – 2 years in prison for making fraudulent claims & unauthorized exports (biological agent)
Cost of NoncomplianceCost of Noncompliance• ITAR
• Criminal: Up to $1 million per violation & 10 years imprisonment
• Civil: seizure & forfeiture of article, revocation of exporting privilege, up to $500K fine per violation
• ITT – $30M for exporting night vision materials without license
• Raytheon fined $25M• Boeing fined $4.2M• Lockheed Martin fined $13M• Dr. J. Reece Roth, University of Tennessee &
Atmospheric Glow Technologies, Inc.
Cost of NoncomplianceCost of Noncompliance
• OFAC• Criminal: $50K to $10M per violation & 10 to
30 years imprisonment• Civil: $11K to $1M per violation
• Augsburg College, Minneapolis, MN fined $9,000 for 4 trips to Cuba; attorney was able to negotiated reduction in fine
Compliance is a Team Compliance is a Team EffortEffort
• What to do:• Review proposed research for potential
EAR/ITAR issues – don’t wait until the contract arrives
• Check to see if equipment/supplies to be purchased is controlled under EAR/ITAR
• If hiring a foreign national, check the regulations to see if a license may be required
• At the contract stage, check for restrictive clauses that would eliminate the Fundamental Research Exclusion
Compliance is a Team Compliance is a Team EffortEffort
• What to do (continued):• Keep an eye out for foreign travel• Question purchases from foreign entities• Question shipments to foreign locations• Document exemptions• Keep records a minimum of 5 years (license
valid for 2 years)• Apply for a license BEFORE project begins –
the process can take 6 months or longer
Compliance is a Team Compliance is a Team EffortEffort
• Honest errors are acceptable• Gross negligence is punishable• It is better to self-disclose than not
say anything• Remember the Costs of
Noncompliance• You are not alone!
Helpful ResourcesHelpful Resources• Department of Commerce, BIS
http://www.bis.doc.gov
• EAR database – Commerce Control Listhttp://www.access/gpo.gov/bis/ear/ear_data.html
• Department of State, DDTChttp://www.pmddtc.state.gov/itar_index.htm
• Department of Treasury, OFAChttp://www.treas.gov/offices/enforcement/ofac/
• University Research Serviceshttp://www.osu-ours.okstate.edu/
Contact InformationContact Information
Jada Bruner GaileyDirectorUniversity Research Services212 Cordell [email protected]
Questions?Questions?