Offshore Outsourcing Security: Defensive Action
IT executives at the major defense contractors are working together to figure out how they can enable easier worldwide collaboration while still complying with export regulations.
Thu, January 15, 2004
CIO — Through a project called the Program for Secure Collaboration Across the TransAtlantic Defense Community, competitors BAE Systems, General Dynamics, Lockheed Martin, Raytheon and Rolls-Royce, as well as the Department of Defense and Great Britain’s Ministry of Defence, have been working on developing best practices and standards for data security and server access when working across national borders. "The idea is to remove the roadblocks to collaboration while meeting requirements for various export control regulations," says Michael Daly, corporate director of IT security for Raytheon.
The initial intent was to foster collaboration between the United States and Great Britain, but the group has broadened its mandate to develop standards for offshore outsourcing around the globe. Issues discussed include what the appropriate level of encryption is, what a log should look like, what the rules should be for server access, and so forth.
On a more informal level, the same objective -- figuring out how to do offshore outsourcing -- tops the agenda for Tom Shelman, CIO of Northrop Grumman, and a steering group he leads of CIOs in the Aerospace Industries Association of America, including Rebecca Rhoads of Raytheon, Scott Griffin of Boeing and Joe Cleveland of Lockheed Martin. "We have monthly teleconferences, and it’s one of the issues we have right now -- offshoring and ITAR concerns and what we can do about it," Shelman says.