The answer is "export control". Export control is a functional area of DoD risk management, governed by the Federal Acquisition Regulation (FAR) and the International Traffic in Arms Regulations (ITAR). The goal of American export controls is to prevent the United States government, and United States industries, from exporting weapons or weapons precursors to recipients whose possession of such items might run contrary to American interests. The actual regulations, their reach, and their intricacy are extremely complex, but they're sort of similar in spirit to the Prime Directive from Star Trek, for lack of a better example. The difference is that whereas the Prime Directive is an altruistic measure to avoid contaminating developing civilizations, export control protects American interests.
In the last couple of years, both the Heritage Foundation and the Center for Strategic and International Studies have held events (Heritage, CSIS) in which they discussed prospects for export control reform. I've not been able to listen to the podcast from CSIS, but the Heritage Foundation's event was very good.
So, why should you care? There are a few reasons.
First and foremost: If your operation, be it public or private, does business abroad, you need to be aware of it. There are both strict punitive measures, and important ramifications, of violating export control restrictions.
Second: The current export control system is extremely complicated, which makes it a good example of how not to control your information and materials. For example, American export controls divide responsibilities between the Departments of State, Commerce, and Defense. As they currently stand, American export controls demonstrate the value of keeping controls as simple as possible.
Third: At their core, export controls provide a good model for taking an enterprise view of safeguarding critical assets. American export controls go into excruciating detail with regard to what's controlled, and it includes bona fide weapons systems, but also industrial machinery for making components, and software, and data, processes and techniques, and all sorts of other assets. Every good risk management program should take such a holistic approach to ensure that one asset isn't lost by way of another asset being poorly protected.
No comments:
Post a Comment