By Paul Welch, Sr. Product Manager and Heatherly Bucher, Director of Product Marketing, Arena Solutions (Foster City, CA, USA; www.arenasolutions.com).
“There is virtually no part of a modern defense system that is not impacted in some way by optics and photonics, even when the system is not optically based. Modern defense systems are migrating toward optically-based imaging, remote sensing, communications, and weapons.”[i]
For machine vision and imaging companies, the aerospace and defense market can represent significant revenue opportunity and even the impetus for design advancements and technological breakthroughs. Companies participating in this market, however, may be subject to regulations such as International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). Regulations apply, for example, to current products on the United States Munitions List (USML) or Commerce Control List (CCL).
Many vision and imaging companies provide products that are often part of larger systems in a supply chain where either the direct customer or ultimate customer is a defense prime or agency. Other scenarios include future shifts in company product lines or strategy, corporations merging with another ITAR-registered company, or the federal government changing its mind on what technologies fall under export control.
If ITAR and EAR do not currently apply, then a company has choices:
1. Do not bid for defense market business.
2. Design ITAR-free—consider the competition and customer demands.
3. Ensure processes and systems are in place that can meet requirements in the future.
Limiting future revenue streams can be shortsighted, particularly if a company can find another way that doesn’t negatively impact corporate objectives. Depending upon the industry and technologies, some companies can produce compelling, competitive products purposefully designed to be ITAR-free, containing no technical data deemed under export control. However, in areas where technologies clearly are of interest to the U.S. federal government, companies should proceed with caution if adopting an ITAR-free approach.
Consider past instances where U.S. regulations shifted, and the U.S. government found companies identifying their products as “ITAR-free” were in violation of regulations. Thales Alenia Space and its U.S. supply chain partners represent one memorable example.[ii]
Planning for a future where the company may need to meet these regulatory requirements, if it’s not already necessary, represents another option. Planning for maximum flexibility provides companies with advantages both today and tomorrow. Ensuring processes meet regulatory needs requires knowing what is done—product and quality control and transparency that will benefit the business with improved risk management, team efficiencies, and overall speed of development. The following represents a future-ready plan for maximum flexibility:
- Understand compliance requirements.
- Ensure processes include regulatory requirements.
- Assess existing systems that contain any part of the product record.
- Improve or replace systems that do not support regulatory compliance.
Understand ITAR/EAR compliance
To plan, one needs to understand. At the most basic level, the regulations stipulate that any technical data deemed controlled by ITAR or EAR be under export control, meaning that technical data must not be exported at any point during design or production (or sustaining activities) unless covered under an export license.[iii] In practical terms, this means that:
- ITAR- and EAR-regulated data must remain in the U.S. and be accessible only to U.S. persons.
- In-transit and at-rest data must be encrypted.
- Access to any platform containing regulated product data must be controlled and restricted to U.S. persons.
These regulations ensure companies have tight control over all regulated technical data, including what’s referred to as controlled unclassified information (CUI). The registered manufacturer defines what technical data in the product record is under export control based on the product, how the government classifies the product, and what particulars of the product are of interest to the U.S. government. Depending on the circumstances, technical data can include file names, component descriptions, engineering drawings, specifications, test procedures, bills of materials, and more. All restricted data must be tightly controlled based on the terms above. This control includes standard policies and procedures for access, audit history, and incident reporting.
Discipline in processes
Process work need not be drudgery and should yield straightforward workflows that everyone on the team understands, sees the value of following, and accepts. Requirements help focus processes with defined limits and/or deliverables.
- Document and assess processes against requirements.
- Adjust if necessary.
- Communicate and train to the processes.
System choices for maximum flexibility
When considering systems of record for the product record that may contain export-controlled data, security controls must take the highest priority. However, don’t stop there—evaluate options to get the most collaboration capabilities and overall functional scope possible to neutralize business threats. Modern systems can and should provide so much more to allow compliance with regulations and produce the best products for all customers, both commercial and defense.
Possible solutions include the well-used options of the past decades (desktop applications, file servers, homegrown databases, on-premise industry-provided applications) to more technologically advanced cloud-based options, both open commercial and government-grade secure. The older options can be comfortable for the cautious, but don’t deliver the collaboration flexibility and full functionality needed for a digital product record, and, surprisingly, aren’t as secure as assumed (see sidebar).
Secure cloud technologies and practices have progressed to the point that U.S. government agencies utilize a wide range of secure cloud tools for everyday business with Cloud First, Cloud Smart, and GovCloud initiatives and the in-process DoD’s JEDI initiative for a revolutionary secure Cloud[iv]. Regulatory bodies have recognized this technological maturity and platform advancements with regulation updates to account for more collaborative cloud options. Defense manufacturers can utilize modern and empowering cloud solutions to support regulatory compliance efforts and provide a competitive advantage in managing today’s multifaceted product development challenges.
To be future-ready in business, companies need to be as disruptive and flexible in decision-making, processes, and systems as they are in the technological aspects of product development. For the machine vision and imaging market, the aerospace and defense market is a natural fit, both for additive revenue and leading-edge design opportunity. Planning for the known regulatory compliance environment provides a strong core of processes and systems known, documented, and implemented that can take a company to scale with new market pushes, new product lines, and additional customer demands—and meet regulatory requirements with ease.
[i] “Chapter 4: Defense and National Security.” National Research Council. 2013. Optics and Photonics: Essential Technologies for Our Nation. Washington, DC: The National Academies Press. doi: 10.17226/13491.
[iii] ITAR and EAR regulations are complex, and the author is not offering any legal advice or counsel for any reader, nor should you take this article as guidance to supersede your responsibilities to comply with these regulations.