The federal agency responsible for regulating the export of sensitive goods and technologies is moving to an entirely Net-based system to process applications for export licenses and other requests.
Starting Monday, the Commerce Department's Bureau of Industry and Security is requiring members of the public to submit export and re-export license applications--along with classification requests, encryption review requests, and agricultural commodities license exception notifications--via its Simplified Network Application Process (SNAP-R) system.
The BIS is retiring its Electronic License Application Information Network (ELAIN). Paper forms may only be submitted if the applicant meets one of a handful of exceptions, such as lack of access to the Internet. The new requirement does not apply to applications for Special Comprehensive Licenses.
The new rule affects the way the agency handles sensitive information, including chemical and biological weapons proliferation concerns and applications for exporting items for military use to China.
With sensitive international trade information in the bureau's possession, the Department of Homeland Security has confirmed that the bureau has been a target of "international actors engaging in broad federal level cyber-espionage," according to the Federal Register entry that lays out the bureau's new rules.
"The general nature of the cyber-espionage threat is that BIS has been and continues to be the target of attempts by external actors to exfiltrate data," the Federal Register entry states. "The history and pattern of these attacks support the premise that their frequency and sophistication are likely to increase. BIS bases its information technology security planning upon that premise."
The bureau asserts the SNAP system, which was updated in 2006, provides improved security through rights management and an updated application and security infrastructure. The use of the system is also designed to reduce processing times and simplify compliance with export controls. So far in 2008, more than 96 percent of submissions that would fall under the SNAP requirement were submitted via the system already.
Most of the public comments the bureau received regarding the requirement said that SNAP should be modified to allow corporate applicants to transfer data directly from their databases, pointing out the cost and inefficiency of manually entering information on SNAP.
Even though other government programs, such as the State Department's export license application system D-TRADE, have direct data interfaces, the bureau said the cybersecurity threat it faces compelled it to use a compartmentalized network and security infrastructure.