'The Power of Information – Threats and Opportunities in Defence Export Control'

In Security and Defence, adherence to complex Export Control legislation is essential. For Governments, it is necessary to ensure that regulated items such as hardware, technical data, and defence services are only exported to authorised users. For Companies, it is vital that they comply with the applicable laws of all the countries concerned; otherwise, they can be fined or ultimately debarred, losing their ‘licence to trade’.Driven by the accelerated use of Information Technology, the risk balance has transformed from risks largely concerned with unlicensed hardware to now being centred on information risks. Recent cases highlight that the majority of alleged violations contain information assets. In tandem with this threat, opportunities have arisen since these information capabilities have also produced toolsets to help risk mitigation.This paper is based on research undertaken in support of an Export Control IT Automation programme. The methodology commenced with a Literature Review that included a detailed analysis of the allegations and the remedies reached for all US Department of State cases where a Consent Agreement was used to settle alleged Export Control violations. These include non-US Companies, as US Export Controls are applied extra-territorially.This work distils into themes the issues that have been encountered, and contains process-steps and measures that can be taken to mitigate risk. The findings also discuss the identified risks associated with managing Export Controlled information, and the types of IT Automation toolsets available to mitigate these risks.The work should be of interest to all parties involved in Export Control.