ITAR Requirements, Important Features

International Traffic in Arms Regulations (ITAR) compliance places requirements on companies entering markets with defense-related applications.  To establish an effective ITAR program, all segments of a business must be involved.  Important features of an ITAR program include the following:

  • Registration with the Directorate of Defense Trade Controls (DDTC)
  • Establishing an Export Compliance Officer
  • An effective and continuous training program for all employees
  • Effective Cybersecurity
  • Visitor Access Control
  • A continuing review and evaluation of the ITAR program

The Risks of ITAR Violations

Companies attempting to find a quick fix will often overlook the complexities involved in meeting ITAR requirements and place themselves in legal jeopardy.  They risk failing to comply with ITAR and facing severe penalties.  These penalties can include civil fines as high as $500,000 per violation or criminal fines of up to $1,000,000 and 10 years' imprisonment per violation.  They can also include being barred from future exports and damage to the reputation of a business.

Meeting ITAR Requirements Effectively

Meeting ITAR requirements effectively should include buy-in from the top down.  It must involve all employees.  It must ensure the security of a company’s facilities and maintain control of sensitive data.  A properly established program can continually protect a business by integrating with Quality Management Systems (QMS) to evaluate itself.  This provides a means to detect risks in ITAR compliance and adjust procedures accordingly.

CVG Strategy

Whether you are part of a large corporation or a small company with a part-time compliance person, CVG Strategy has the compliance and training programs to help you meet ITAR requirements.  Smaller businesses often don’t have the bandwidth to dedicate to adequate export compliance.  Because of this we offer outsourced Export Compliance Officer services.  We also offer signs and accessories to aid in Visitor Access Control on our ITAR Store.

CVG Strategy, LLC is recognized the world over as the premier provider of customized ITAR Consulting and ITAR & Export Compliance Programs and Training that address critical U.S. Government regulations, from the Export Administration Regulations (EAR) to the International Traffic in Arms Regulations (ITAR), the Office of Foreign Assets Control (OFAC) and other regulatory agencies.

Cybersecurity Threats Trending Methods

Cybersecurity threats continue to evolve.  In its 2018 Cyber Incident Breach Trends Report the Online Trust Alliance (OTA) listed some of the latest trends.  The report found that 95 percent of all breaches could have been easily prevented through simple and common-sense approaches to improving security.  The following are some of the more prevalent cybersecurity threats.

Cryptojacking

Cryptojacking is an attack that hijacks devices to mine cryptocurrency.  Because these cybersecurity threats can be initiated by merely loading a page, they are often difficult to detect.  They run in a web page’s JavaScript and require no code to be installed and no user opt-in.

Cloud Data Compromises

With many businesses relying on cloud storage for sensitive data, the number of breaches is on the increase.  Though there are many actual attacks such as the recent Capital One incident, many cybersecurity threats are the result of misconfigured cloud services.  This results in data being left open to the Internet.  Configuring data storage correctly is essential for data security!

Cybersecurity Threats via Third Parties

Often cybersecurity threats can originate through compromised third-party website content, vendors’ software or third-parties’ credentials.  Though these types of attacks are not new, they have been on the increase of late.  The most notable 2018 attack was Magecart, which infected the payment forms on more than 6,400 e-commerce sites worldwide.

Business Email Compromise (BEC)

BEC uses email to deceive employees into sending funds or gift cards to attackers who impersonate vendors or executives.  This resulted in $1.3 billion in losses in 2018.  These attacks have been targeted at businesses of all sizes including non-profit organizations like churches.

Cybersecurity Threats are Avoidable

The OTA report found most cybersecurity threats could have been prevented.  In fact, 95 percent of breaches that occurred in 2018 could have been mitigated through simple and common-sense approaches to improving security.  Developing and maintaining cybersecurity programs that can evolve to meet the changing nature of threats is essential.  An effective ISO 27001 Information Security Management System (ISMS) is an excellent solution that involves all segments of a business to ensure that processes are in place to protect sensitive information.

CVG Strategy

CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS).  Because our team of experts brings extensive experience and deep information security process control expertise (including certifications as Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) we can help you achieve ISO/IEC 27001 certification on time and on budget.

COTS for Military Applications MIL-STD-810

The Defense Department is integrating more Commercial Off the Shelf (COTS) components for military applications including mission critical systems.  While this is a fantastic opportunity for businesses to gain access to a lucrative market, it also poses some serious challenges.

Once approved for a military application the manufacturer of the COTS must ensure that the product meets requirements for harsh environmental applications and stringent EMI/EMC limits.  This will require extensive Developmental Test and Evaluation and probably a certain amount of design modification.

MIL-STD-810 testing for COTS

MIL-STD-810 is the primary tool for Developmental Test and Evaluation for the environmental effects on military equipment.  This standard, currently in revision H, is comprised of twenty-nine methods for climatic and dynamic testing.  Climatic methods include High Temperature, Immersion, Fungus, Humidity, and Rain.  Dynamic methods include dozens of types of shock and vibration.

MIL-STD-810 does not rely on procedures with set parameters and severities.  Instead it requires an assessment of the critical environmental profiles likely to be encountered by the materiel in its life cycle.  This assessment involves a management and engineering process known as tailoring.  This is a critical decision-making process, as the conditions a COTS in a military application would face on an aircraft would be entirely different than those in a shipboard application.  Added to this is consideration of all modes of transit likely to be encountered, both logistical and tactical.

MIL-STD-461 and COTS for Military Applications

MIL-STD-461 is the EMI/EMC standard for military components.  As such it often poses the greatest challenges to COTS transitioning into the military market.  Though requirements vary as determined by the intended platform (e.g. Army Ground, Aircraft Navy) they are generally more stringent for emissions and susceptibility than commercial requirements.

CVG Strategy

CVG Strategy has expertise and experience in assisting companies in transitioning from COTS to military applications.  Our experts can determine requirements and tailor environmental criteria to create effective Developmental Test and Evaluation programs.  Furthermore, our test and evaluation team can manage evaluation programs, write test plans, witness testing, and create test report summaries.  We have decades of experience in environmental and EMI/EMC testing in both commercial and military applications.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Quality Management Systems.

Capital One Cyberattack Affects 106 Million Card Holders

The Capital One cyberattack is a concern for small businesses.  Capital One said Monday that the personal information of approximately 106 million card customers and applicants had been compromised.  This is one of the largest cyberattacks on a big bank.

The information of customers and applicants compromised included small businesses.  The Wall Street Journal reported that the information accessed from the Capital One cyberattack involved persons or businesses that had applied for credit cards from 2005 to early 2019.  It included addresses, names, dates of birth and self-reported income.

The Cost of Cyberattacks

The alleged source of the cyberattack was a former employee of Amazon Web Services Inc., who had worked at a cloud-computing company.  Capital One said it is unlikely that the stolen information has been disseminated or used for fraud.  The investigation is continuing, however.  The incident is expected to cost approximately $100 million to $150 million.  Estimates for losses to the U.S. economy in 2018 to cyberattacks were between $57 and $109 billion, but the real cost to a company’s reputation and intellectual properties is beyond dollar estimates.

Beyond the Capital One Cyberattack

Often businesses focus their cybersecurity efforts on IT solutions.  The Capital One cyberattack, much like the Equifax breach in 2017, illustrates how shortsighted this approach can be.  Every business shares valuable information with entities it does business with.  Therefore, to be effective, businesses today need a management-oriented structure to assess threats, create processes to deal with them, and conduct regular reviews and audits of those processes.

ISO-27001

ISO-27001 is such a solution.  It includes all stakeholders and is flexible to the demands of any size of business.  ISO 27001 can not only protect your business from cyberattacks, it can also help your credibility with potential customers.  This is because certification in an Information Security Management System (ISMS) shows your intent to protect their information as well.

In conclusion, in today’s world nobody is exempt from having their information compromised.  Even Capital One, the world’s fifth largest credit card company, can be a victim of cyberattack.  Maintaining a viable ISMS like ISO 27001 ensures your business is maintaining a viable mitigation of this threat.

CVG Strategy

CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS).  Our team of experts brings extensive experience and deep information security process control expertise (including certifications as Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) to ensure that you achieve ISO/IEC 27001 certification on time and on budget.