420 likes | 563 Views
Control and Handling of Export Controlled Information Course # 80038 Rev. F1. Uranium Enrichment Technology Gaseous Diffusion Technology Not Approved for Public Release. 2. Identifying ECI. 3. Terminal Objective
E N D
Control and Handling of Export Controlled Information Course # 80038 Rev. F1 Uranium Enrichment Technology Gaseous Diffusion Technology Not Approved for Public Release 2
Terminal Objective At completion of this course, the student will understand the control and handling of Export Controlled Information.
How Does Radiological ECI Relate to ISMS? The Integrated Safety Management System (ISMS) is a systematic, common sense approach to working safely. The objective of ISMS is to integrate working safely into management and work practices at all levels, addressing all types of work and all types of hazards to ensure safety for the workers, the public, and the environment. ISMS integrates working safely into planning and execution of work.
Unclassified technical information(WEMS ECI may include some legacy docs, D&D drawings/docs pertaining to GDP, computerized records systems, certain new procurements, etc.). Export is subject to export control laws and licenses. Unrestricted dissemination could help potential adversaries of the United States. What Is ECI? 6
Within the discipline of uranium enrichment, there are two major categories of ECI items: Trigger List Items — Equipment and materials especially designed or prepared for nuclear application. Dual Use Items — Items that have both nuclear and non-nuclear applications. NOTE: Additional ECI laws, regulations, and lists pertaining to other topics could apply to WEMS operations. If questions arise, contact the WEMS FSS export control coordinator for assistance. ECI Criteria 7
Unclassified information on gaseous diffusion assemblies and components such as: Barriers Diffuser housings Compressors Gas blowers Rotary shaft seals Heat exchangers Major Trigger List Items(Gaseous Diffusion Technology) 8
Major Trigger List Items, cont.(Gaseous Diffusion Technology) Unclassified information on gaseous diffusion auxiliary systems, equipment, and components such as: • Feed systems • Product and tails withdrawal systems • Header piping systems • Vacuum systems • Shut-off and control valves • Mass spectrometers/ion sources 9
Information on: High strength aluminum or maraging steel, beryllium, bismuth, boron, calcium, chlorine triflouride, “fibrous or filamentary materials” and prepregs, halfnium, lithium, magnesioum, radium, titanium, tungsten, zirconium, nickel powder, tritium, helium-3, and alpha-emitting radionuclides Corrosion-resistant valves Direct current high-power supplies (100 volts or greater) Corrosion-resistant pressure instrumentation Large vacuum pumps Certain seals Pressure transducers Mass spectrometers Major Dual Use Items(Gaseous Diffusion Technology) 10
Potential ECI at WEMS includes: Gaseous-diffusion processes or components — including in-line analytical equipment Site or facility drawings that (1) contain details about gaseous-diffusion processes/dimensions/components or (2) that don’t, yet are included in a document/ presentation/etc. that addresses any other item in the lists (such that the aggregate of data may enable someone to build a diffusion component) WEMS Potential ECI 11
WEMS requests for proposal (RFPs), requests for information (RFIs), and responses to vendor questions (however, it is unlikely WEMS will issue ECI procurements under its current scope) D&D drawings, certain legacy documents, and records turned over from USEC Procurements for computer software (many popular software programs are made by foreign companies or foreign persons; such programsmust not interface with ECI) Examples of Things That May Be Subject to Export Control 12
Marking ECI 13
ECI must be processed only on authorized computer systems, and potential ECI must be reviewed by an “authorized” ECI reviewing official prior to distribution. (If your document may contain ECI, contact the FSS export control coordinator before initiating a draft.) ECI must be marked appropriately, and uncontrolled dissemination especially to foreigners must be prevented. Review and Marking of ECI 14
An “ECI reviewing official” is a trained, qualified individual who is delegated and authorized in writing by the DOE’s Office of Non-Proliferation and International Security. WEMS has several authorized ECI reviewers on staff; a list is maintained on the intranet at: http://wemsnet/security/docs/ECIReviewerList.pdf. For questions or reviews, please contact the WEMS FSS export control coordinator John Zangri, ext. 3247, building X-1000). ECI Reviewing Official 15
Ensure that all documents formally identified as containing ECI information are marked with this information, to include the “approved reviewer” (signature) block and date, on the coversheet or first page. All other pages shall be marked “Export Controlled Information” at the bottom. Marking ECI Documents EXPORT CONTROLLED INFORMATION Contains technical information whose export is restricted by statute. Violations may result in administrative, civil, or criminal penalties. Limit dissemination to U.S. Department of Energy employees and contractors, and other U.S. Government agencies. The cognizant program manager must approve other dissemination. This notice shall not be separated from the attached document. Reviewer (Signature) ______________ Date ______________ 16
Ensure that all ECI removable media are marked with the words “EXPORT CONTROLLED INFORMATION.” Export controlled matter (equipment/tools/products) usually is not labeled as such, unless destined for disposal or shipped to another facility. Equipment markings shall be securely affixed to the property, legible, and conspicuous. Consult the WEMS FSS export control coordinator before disposing of any export controlled property. Marking ECI Media and Materials Export Controlled Information 17
Reviewed documents that do not contain ECI can be marked with the following verbiage on the bottom of the coversheet (if applicable) or the first page of the document: The export control coordinator or ECI reviewer determines whether to apply such markings to documents. “Non-ECI” Document Marking INFORMATION CONTAINED WITHIN DOES NOT CONTAIN EXPORT CONTROLLED INFORMATION Reviewer (Signature) ___________________ Date ___________ 18
Use a standard, unclassified copying machine or printer if desired. Limit copies to the minimum amount needed. Do not leave copies unattended. Manually clear copier/printer memory afterward. If copier/printer jams, clear all paper paths. Destroy any partial copies (place in locked shred bin). If necessary to have ECI reproduced off-site, then contact WEMS Contracts/Procurement to ensure appropriate controls are flowed into subcontracts and purchase orders. Copying/PrintingECI Documents 20
Personally Transporting ECI ECI must be concealed in a briefcase, hand-carried luggage, or other opaque covering that will prevent unauthorized access. ECI must remain in the control of the authorized individual(s). • The authorized individual is responsible to prevent unauthorized access to the ECI. 21
If mailing ECI on site: Place the marked document(s) inside an opaque envelope; seal the envelope, and mark it “To Be Opened By Addressee Only.” Then place that envelope in a normal intra-plant mailing envelope addressed to the intended recipient. Sending Hardcopy ECI Documents Through Plant Mail 22
If mailing ECI off site: Place the marked document(s) inside an opaque sealed envelope addressed to the intended recipient; provide a return address. Mark the envelope “To Be Opened By Addressee Only.” Utilize the US postal service (first class, express, certified, or registered mail) or any US commercial carrier that requires a recipient’s signature (Federal Express, United Parcel Service, etc.). Mailing Hardcopy ECI Documents 23
Faxing ECI • ECI may be transmitted with a standard unclassified facsimile machine if the following conditions are met: • The sender notifies the recipient before sending the fax (to verify the recipient is available to receive and control access to the fax). • The sender attaches a cover sheet that identifies the intended recipient, indicates that ECI is being transmitted, and specifies the total number of pages (including the coversheet). • The sender immediately contacts the recipient to verify the receipt of the fax. • The sender and recipient both manually clear the memories on their fax machines. 24
ECI shall be encrypted both inside and outside of the WEMS firewall (e.g., even when residing on restricted areas of the WEMS network, such as “M” drives or “home” drives, and even when emailed from one wems-llc.com address to another wems-llc.com address). Protecting ECI on Computers and in E-mails 25
ECI can be discussed by standard telephone if the following conditions are met: Do NOT use cell (mobile) phones! AVOID speaker phones except in controlled environments (e.g., closed offices, conference rooms, etc.). Verify that the person being called is authorized to receive the information and has a need to know. Communicating ECI Via Telephone 26
Use only WEMS-issued removable media (CDs/DVDs, USB drives, etc.). Manually encrypt ECI or potential ECI stored on removable media, and maintain control of the media. ECI stored on WEMS-issued, encrypted laptops does not have to be manually encrypted (WEMS laptops have automatic encryption software installed) as long as the authorized individual controls the laptop. ECI on all other laptops must be manually encrypted. Removable Media and Laptops 27
In vault-type security areas (e.g., X-1000 limited area conf. room or WEMS records vaults), store ECI such that it is not readily accessible to casual visitors. Outside of vault-type security areas (e.g., offices in X-1000 off site), store ECI in a locked container, cabinet, desk, or room to which only authorized individual(s) have access. Encrypt ECI even when storing it in access-controlled areas of the WEMS network. Do not place ECI (even if encrypted) on internet sites that are openly accessible to all employees or the public. Encrypt ECI before storing it on removable media, then control the media so only authorized individuals can access it. Storing ECI 28
Do not place ECI in trash or recycling bins (put documents in locked shred bins to await disposal). Dispose of ECI paper documents using any crosscut or ¼-inch strip shredder. Destroy ECI on CDs using a shredder designed to accommodate disks. Destroy ECI matter beyond its intended use/design; contact the FSS export control coordinator for instructions. During destruction, protect ECI from being viewed by persons without a need to know. Destroying ECI 29
DOE requires an ECI review and license before release of technology that could help proliferators or potential adversaries. Any request for an export license must be processed through the WEMS FSS export control coordinator. Export licensing requirements must be met for any export of ECI, including “deemed export” transfers to foreign persons within the US. Export Licensing 31
A deemed export is domestic release of export controlled technology, including software, verbal information, or documents (i.e., release to a foreign person within US boundaries). Deemed Export Definition NOTE: Information does not have to leave the boundaries of the United States to be considered an “export.” 32
The matrix displayed on the following page describes who may be considered a “US person” and who may be considered a “foreign person.” Read across the top row to the box that identifies the status of the individual, then down the first column to the box that identifies the status of the entity that individual is representing. The actual status of the individual for export control purposes is identified where the applicable column and row intersect. • For example, a US citizen who works for a foreign-incorporated company is considered a foreign person, and must be treated as a foreign person for export control compliance purposes. More broadly, any representative of a foreign interest (*RFI) is a foreign person. • Take a few moments to become familiar with these descriptions as they pertain to export controlled information.
Export Control US/Foreign Person Matrix * Includes US citizens, US nationals, permanent resident aliens (“green card” holders), alien refugees, aliens granted asylum, amnesty applicants, and special agricultural workers. 34
Export Control — US/Foreign Person Matrix, cont. US citizen – native-born or naturalized citizen of the United States. US national – citizen of a US possession that does not have statehood, such as Puerto Rico, Guam, American Samoa, etc. Permanent resident alien – also known as “green card” holder. Holds I-151 or I-551 document. Alien refugee–granted refugee status; holds I-571 document. Alien granted asylum in the US–granted asylee status. Special agricultural worker/amnesty applicant–someone admitted for temporary residence in one of these categories. Holds I-688 document (not I-688A or I-688B). 35
Anyone who meets ALLof the following criteria: Has a need to know (determined by WEMS Security) and Is a US person and Is an employee or subcontractor of: WEMS or A US federal agency funding WEMS work (i.e., DOE) or A potential supplier to which WEMS Contracts/Procurement has flowed down ECI controls (e.g., via contract terms and conditions) Who Can Access WEMS ECI Without a License 36
WEMS likely will never need to turn ECI over to suppliers during a bidding or purchase process. If such an occasion arose, WEMS would first have to flow down ECI controls to all bidders/suppliers (e.g., via terms and conditions) and obtain an ECI review of any technical information to be distributed. However, WEMS may need to purchase items (e.g., software) that, once in place, could allow the supplier to gain access to ECI (e.g., electronic records). Such procurements must first undergo ECI review, as many suppliers are considered foreign persons. ECI and Procurement 37
What Is Unauthorized Disclosure? • Unauthorized disclosure of ECI occurs when: • ECI is released to the public at large(such as public relations articles, news stories, and radio/TV broadcasts). • ECI is released to an entity without a need to know. • Technical information is released to suppliers without having been reviewed for ECI. • ECI is released to suppliers without a mechanism in place to flow down ECI (e.g., general terms/conditions). • ECI has been released to a foreign national or agent of a foreign national. 38
Examples of Unauthorized Disclosure • ECI is placed in DOE’s Environmental Information Center. • ECI is published to a public web site (even if encrypted, ECI should not be put on the internet). • ECI is published to a restricted portion of the WEMS intranet without being encrypted. • ECI is emailed without being encrypted. • ECI is discussed over a cell phone or viewed in a public place. • ECI is presented at a conference or public meeting. 39
In person or by secure device, notify the FSS security manager and your line manager if you suspect an unauthorized disclosure has occurred. Try to contain the release: Attempt to retrieve the ECI. Identify the means of release. Attempt to identify the persons involved in the release Responding to Unauthorized Disclosures 40
Penalties for unauthorized disclosure of ECI can be quite severe and may include fines (e.g., $1,000,000), prison terms, or both. Penalties for Unauthorized Disclosure 41