Raytheon Aircraft is no different than most companies today.

The $2.1 billion subsidiary of the national defense contractor is exploiting outsourcing, both onshore and off, to cut costs, access skilled workers and operate more efficiently.

But unlike some companies, one false move on an outsourcing deal could cost the airplane manufacturer tens of millions of dollars, jeopardize its ability to sell to the U.S. government or even land its executives in jail. That’s because Raytheon and its subsidiaries are subject to export regulations that restrict what information can be viewed by foreign IT workers. Data that could enable another country to build a missile or military aircraft -- or even a seemingly innocuous radio -- is restricted.

Raytheon Aircraft ran into just that issue last summer, when it inked an outsourcing deal with IBM. The company gave IBM control over support and further development of its SAP system. IBM, for cost reasons, declared its intent to use subcontractors in India on the application, which contains such sensitive information as how to build the skin of a commercial jet. And that’s when Raytheon Aircraft CIO Doug Debrecht knew he had a problem on his hands. Executives at his parent company soon confirmed his intuition. They insisted that IBM not use foreign contractors until Debrecht came up with a surefire way to keep them out of Raytheon’s network.

Raytheon is not the only company dealing with this dilemma. Many in the military-industrial complex are keen to figure out a way to move IT work offshore. The federal government itself, one of the largest outsourcers in the country, must consider where the work it is sending to EDS or Lockheed Martin will ultimately wind up. And even nondefense-related companies must sort out how similar data-access situations apply to regulations like the Health Insurance Portability and Accountability and Gramm-Leach-Bliley acts. Consider the case of the clerical worker in Pakistan who threatened to post a U.S. hospital’s patient data online if she wasn’t paid more money. Any sensitive data can be dangerous in the wrong hands.

This is a new minefield for defense IT. While other parts of the business have incurred major penalties for export violations, military defense contractors have, up until now, largely dismissed the idea of using offshore talent on their systems. "If you look at my counterparts at Boeing, Raytheon and Lockheed Martin and compare us to the rest of our peers in the Fortune 500, we’re the rare breed that still does very little offshoring, and that’s all because of [International Traffic in Arms Regulations] and export regulations," says Tom Shelman, CIO for Northrop Grumman.