When I advise clients in high tech or defense manufacturing to limit the use of regular e-mail, most scoff. Small and medium-sized companies cannot afford, or think they cannot afford, secure IT systems for encrypted communications. But the long-term costs of not securing controlled data can be a economic disaster for smaller companies with federal government contracts. If you manufacture controlled technologies, these and other tips are critical as your small and medium-sized business develops its security control plans.
The following recent article from a publication across the pond provides a good overview of some of the security issues involved with manufacturing defense and other high tech items, including data security. I especially like the way one of the interviewees couches compliance with U.S. export control laws: “[t]he US has particular requirements”. That is much more diplomatic than what I usually hear from foreign companies or diplomats about our export control and sanctions regulations.
There is a lot of law behind the scenes throughout the many steps outlined in this article. And while it may seem challenging at times to comply with these rules, it is not as daunting as critics would have you think. There are also efforts underway in the U.S. to reform some of these rules. Weapon systems and high-tech devices are becoming more complex, as are the nature of future national security threats. When and if the reform process is completed, I suspect there will still be significant compliance hurdles because of the nature of the technology that will need controlling.
Regardless of what the U.S. regulatory regime will look like after this year, small and medium-sized enterprises (SMEs) that need to deal with these rule can, and in some cases must, take steps to secure data and technology today. And what you do need not break the bank either.
The complete article referenced above is available here. It is worth a read.