The operations of both industries support the protection of our nation’s wellbeing in the United States and abroad. The pressure of preventing information security breaches is intensified by the need to protect intellectual property, supply and distribution chains, employees and customers.
Cyber-attacks are increasing in frequency and complexity for both the aerospace and defense industries, and the safety, security and reliability of data have never been more important. To mitigate risks and provide a framework for reliable information security operations, there are also several regulatory and compliance requirements which must be adhered to.
A&D organizations must ensure compliance with a number of regulatory requirements related to the identification and protection of intellectual property, as well as controlling exported information. The International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) are two pieces of legislation which aim to govern particular technologies and the associated data, to prevent the compromise of sensitive information to a foreign national. To avoid penalties, it is imperative that all A&D organizations complete the processes required to verify compliance with both ITAR and EAR.
EAR includes a Commerce Control List of regulated commercial items, while ITAR includes a United States Munitions List of restricted articles and services. Organizations must register with the U.S. State Department’s Directorate of Defense Trade Controls (DDTC) to be considered ITAR or EAR compliant. The challenge often arises when global corporations are involved: particular data may need to be transferred via the internet or stored outside of the United States.
Beyond maintaining compliance, there are a number of security concerns in the aerospace and defense domains. Cyber-attacks are a longstanding threat, with new attack methods being developed constantly and with an increased potential for damage. The information being sought is highly sensitive and valuable, and the organizations operating within the A&D sector typically function at a high level of public exposure. It is critical that decision makers ensure robust security measures to protect against cyber-attacks.
Working with DoD agencies may require a connection with the Federal Bridge.
The Federal Bridge is a cross-governmental Public Key Infrastructure (PKI) that enables digital certificates for e-signature technology to create trusted paths and improve business processes among government agencies and vendors. The challenge is that an organization must meet the strict Federal Bridge PKI requirements based on the needed security clearance.
CSS PKI and digital certificate experts have worked with a number of organizations to design and implement PKI and certificate management systems that can be trusted and interoperable with the Federal Bridge, allowing companies to meet the stringent security requirements needed to verify identities for collaboration on classified, sensitive projects.