Security Executive Blog: April 2021

Saturday, April 24, 2021

Security clearance eligibility and working for foreign companies

I've recently received many emails from people who are curious about security clearances and working for foreign owned companies. Though the volume of those questions have increased, I guess the topic is no longer surprising in content as it could have been many years ago.

Many years ago, we might automatically assume that working for a foreign owned company would be indicative of highly questionable practices, but maybe not any longer.

Things have changed. More foreign owned companies are opening doors in the U.S. Internet opportunities open doors to employment. Working for foreign companies provides new opportunities regardless of boarders such as: investment, teleworking, and creative content services that allow artists to bid on customer jobs have made this more of a possibility.

But the questions have been pretty vague and hard to answer.

Am I allowed to work for a foreign company if I have a security clearance?
Will I be able to get a security clearance if I work for a foreign company?

The questions are vague because there are so many scenarios that the questions can reflect. Some scenarios include:

You are currently employed by a cleared defense contractor and have a security clearance and want to quit and work for a foreign owned company, and would one day like to return to working with a clearance. This scenario is very risky as you could lose out on future employment, but can be mitigated.
You do not have a security clearance, but may one day like to work on classified contracts in some capacity. However you want to apply to work for a foreign owned company. This scenario is less risky because you have nothing to lose other than the possibility of getting a clearance "one day".

There are many other scenarios and reasons describable and all are different and my answer would be, "It depends on the scenario". Additionally, it may depend on the security clearance level such as SECRET, TOP SECRET SCI, etc.

The bottom line is, can you be entrusted with national secrets because of employment with a foreign owned company? Having a security clearance is a very important responsibility. The security clearance holder is responsible for protecting classified information and supporting the security program to protect that classified data.

This opportunity is based on the adjudication process. Security clearance award is provided after the adjudication of the investigation results. Allegiance to the United States and Foreign Influence are two very important considerations that would have to be addressed prior to awarding the security clearance.

There are many ways to adjudicate risks under Allegiance to the United States, Foreign Influence and other adjudicative criteria. There are no automatic answers to these questions since it depends on the situation. Get all the facts prior to taking on such a job, determine your risk level, and develop a strategy to mitigate the risk to your security clearance.

If you have questions about this or other security clearance topics, visit my consulting site https://www.jeffreywbennett.com or email me at editor@redbikepublishing.com

Join our reader list for more articles.

Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances"

"How to Get U.S. Government Contracts and Classified Work"

"ISP(R) and ISOC Master Exam Prep"

and training:

NISPOM Fundamentals/FSO Training

Cleared Employee Training

Jeff is available to consult. Consulting Website"

Wednesday, April 21, 2021

Cleared Defense Contractor Performance and How to Protect Classified Information Fundamentals By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP

Cleared Defense Contractors use classified information during performance of contracts. The Department of Defense makes the rules and governs how the classified contractors protect classified material. The Federal Government has published a policy appropriately titled: The National Industrial Security Program Operating Manual (NISPOM). This page turner is sponsored by the Presidential Executive Order (E0)12829 for the protection of information classified under E.O. 12958, As Amended. Having poured over both publications and the updates, I can confidently assure you that they take this business very seriously.

When specific work declares performance objectives on classified efforts, provisions of the applicable DD Form 254 and Security Classification Guide (SCG) shall govern. Both the DD 254 and SCG spell out what specific work a contractor can and cannot perform, what exactly is classified and how to protect it. Both of these documents not only should be available prior to execution but read and understood by all performing employees.

Classified information is marked with CONFIDENTIAL, SECRET and TOP SECRET designations and must be afforded protection at the appropriate level. For example, unauthorized disclosure of CONFIDENTIAL information could reasonably be expected cause damage; SECRET could reasonably be expected to cause serious damage; and TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security. Prior to discussing or providing classified data, cleared employees are required to ascertain the receiving party’s clearance level and need-to-know.

Facility security officers and industrial security professionals should develop measures to safeguard classified information at the highest level indicated. Employees should be trained to perform on these contracts based on NISPOM Guidance. This training includes:

Non Disclosure Agreement (SF 312)

Derivative Classifier

Security Awareness Initial and Annual Refresher

Insider ThreatJoin our reader list for more articles.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "How to Get U.S. Government Contracts and Classified Work", "ISP(R) and ISOC Master Exam Prep", and NISPOM/FSO Training".

Controlled Unclassified Information

A buzz is sweeping the security community since the industry has been notified of the recent updates to DoD's CUI program based on the presidential memorandum with the subject, Designation and sharing of Controlled Unclassified Information (CUI). This memorandum implements a program designed to encourage the speedy sharing of information to those authorized and to better protect the information, privacy and legal rights of Americans. The CUI program is designed to promote proper safeguarding and dissemination of unclassified information.

Many readers may be familiar with the program CUI has replaced. Sensitive But Unclassified (SBU) information had enjoyed protection to a certain level but was not conducive to the necessary information sharing. Controlled Unclassified Information (CUI) directives provide procedures for a more appropriate Information Sharing Environment.

CUI is a designation of unclassified information that does not meet the requirements of Executive Order 12958, as amended (Classified National Security Information). However the protection is necessary for national security or the interests of entities outside the Federal Government. The unclassified information also falls under the law or policy advocating protection from unauthorized disclosure, proper safeguarding and limiting dissemination. Though not a classification, the controls in place may prove to require significant administrative action.

Designation of CUI can only be based on mission requirements, business prudence, legal privilege, protection of personal or commercial rights, safety or security. Finally, as with the classified information, sensitive information cannot be labeled CUI for the purposes of concealing violation of law, inefficiency, or administrative error. The designation cannot be used to prevent embarrassment to the Federal Government or an official, organization or agency, improperly or unlawfully interfere with competition in the private sector or prevent or delay the release of information that does not require such protection.

What does this mean for affected businesses and government agencies? Be prepared to implement the program to allow for proper storage and dissemination, and provide required CUI training. This requires the ability to properly mark the material or provide proper warning before discussing the information. Things to think about include: training employees, developing mail, fax, email and reception procedures, and ordering marking supplies. Also, keep information technology and other business units in the loop of communication. They will need to provide the right support at the right time.

Join our reader list for more articles.

Subscribe to: Posts (Atom)

Sponsor us.

We offer advertising space on our Podcast, newsletter, website and blog, for $700.00 per year. Our products are targeted directly to your market; only those who are providing defense industry security subscribe to our newsletter.

Effective advertising positions your company for success. You’ll get:

Advertisement on our sites marketing exclusively to defense contractors

Announcement in Podcast http://dodsecure.buzzsprout.com and on podcast page. Podcasts are available on Apple, Amazon, Buzzsprout and more.

Linked banner @ http://www.dodsecurity.blogspot.com/

Linked banner in sponsor section of home page https://www.redbikepublishing.com/sponsors/

Linked banner in monthly email newsletter dedicated to training cleared contractors on protecting classified information.

Consider allowing us to provide a 1000 word article about your product to feature on our blog and newsletter for $500.00

If you would like more information, please contact us editor@redbikepublishing.com

Here is a wrap up of what we were able to do in 2020

We've outsourced a few tasks to provide better customer service. To provide better content for our security professional customers, we've funded the following efforts just for our newsletter and Podcast considerations:

• Upgraded email functionality for better newsletter distribution

• Upgraded website content

• Purchased high quality microphones and mixers for podcasts

• Purchased high quality cameras for YouTube videos and course content

• Upgraded to video conference capability with paid subscriptions

• Purchased software packages for better formatting

• Attended Podcast 2020 and brought back some tremendous lessons learned

• and much more.

We’ve completed the following milestones this year:

• 25% more newsletter subscribers with your services listed.

• Provided referrals to sponsors

• Released 36 articles in more than 24 newsletter editions

• Over 40 blog posts with thousands of visitors with your services listed

• Interviewed multiple people to provide over 20 podcast episodes. We've reached over 2000 downloads, which is huge considering our small niche. I hope you've had a chance to listen to Ray DICE Man Semko. Getting him on podcast was a huge success.

You will also be able to provide any articles, white papers or messages personalized to our audience. We could also include you or other employees in some strategic podcasts as well. Always looking for great guests.

Pages

Saturday, April 24, 2021

Security clearance eligibility and working for foreign companies

Wednesday, April 21, 2021

Cleared Defense Contractor Performance and How to Protect Classified Information Fundamentals By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP

Controlled Unclassified Information