Government Contractors Forum: Security Clearance and Insider Threat Boot Camp February 9, 2016 Thomas J. Langer Vice President of Security, BAE Systems, Inc. Kevin Bickmore Facility Security Officer, Crowell & Moring LLP Moderated by: Mark A. Ries, Senior Counsel, Crowell & Moring LLP

NISPOM Update & Security Basics

Thomas J. Langer Bio Tom Langer is the Vice President of Security for BAE Systems, Inc., headquartered in Arlington, VA. BAE Systems, Inc. is the U.S.-based arm of BAE Systems plc, headquartered in London, England. In this position Tom is responsible for the overall security program for the Company’s facilities in the US, the United Kingdom, Sweden and Israel, and the Company’s compliance with the Special Security Agreement between BAE Systems, Inc. and the U.S. Government.

Prior to his current position, Tom served from November 2000 to September 2001 as the Director of Security for BAE Systems, Inc’s Information and Electronic Warfare Systems in Nashua, New Hampshire. Concurrently he held the position of Sector Director of Security for BAE Systems, Inc.‘s Information and Electronic Systems Integration, also headquartered in Nashua.

Prior to the company being acquired by BAE Systems, Inc. in November of 2000, Tom served as the Director of Security for Sanders, a Lockheed Martin Company. From 1994 to 1999, Tom was the Sr. Program Security Manager for a series of classified intelligence programs. From 1980 until 1994, Tom held a series of program and management positions within the security department of Sanders, involving areas such as classification management, information security, facility security and investigations. Tom served as a sworn officer in Patrol and the Juvenile Divisions of the Manchester Police Department in Manchester, NH from 1977 until beginning his industrial security career with Sanders.

Tom received his Bachelors of Science degree in Criminal Justice from St. Anselm College in Manchester, New Hampshire.

Tom serves as a member of the Board of Directors and President Elect of ASIS International, and was previously chairman of the Aerospace Industries Association’s Industrial Security Committee and a member of the National Industrial Security Program Policy Advisory Committee of the Information Security Oversight Office within the National Archives. 2

Kevin Bickmore Bio Kevin Bickmore joined Crowell & Moring as its Facility Security Officer in December, 2015. Crowell & Moring is headquartered in Washington, D.C. and was founded in 1979. It is an international law firm with approximately 500 lawyers representing clients in litigation, regulatory, and transnational matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bon services and diversity.

Prior to his current position, Kevin spent 27 years with the United States Government. He served for 10 years in the U.S. Navy as an Intelligence Specialist and served overseas during the Persian Gulf War. After is tour of duty in San Diego he was assigned to the Defense Intelligence Agency and served as a Counterintelligence specialist while on active duty and then as a civilian. In 1999 Kevin joined the Defense Security Service as a Special Agent in Industrial Security. He would service up to 100 cleared facilities in his role as an Industrial Security Representative. In 2008 he transferred to DSS headquarters and joined the Foreign Ownership Control & Influence Branch as a FOCI Action Officer. He would oversee the process of placing various types of mitigation agreements into place such as Special Security Agreements, Proxy Agreements and Board Resolutions. Kevin left DSS in 2012 and took a civilian position with the Defense Threat and Reduction Agency on FT. Belvoir working in Industrial Security. He then took the role as Facility Security Officer with EMCOR Government Services in Arlington, VA. He stayed in that position until December 2015 when he joined Crowell & Moring as its new Facility Security Officer.

3

Mark A. Ries Bio Mark Ries is a senior counsel in the Government Contracts Group in Crowell & Moring's Washington, D.C. office. Mark's practice includes a wide variety of government procurement law, including bid protests, internal investigations, ethics and compliance, interpretation of FAR and agency supplement contract clauses and solicitation provisions, contract claims and disputes, and small business contracting. During his 20 years of service in the U.S. Army, Mark garnered experience across the full spectrum of government contract and fiscal law matters as an acquisition law specialist within the U.S. Army Judge Advocate General's Corps.

Mark's final Army assignment was with the Acquisition Law Practice Group in the Office of the Army General Counsel (OGC), where he advised the assistant secretary of the Army for Acquisition, Logistics and Technology (ASA(ALT)), the director of Army Small Business Programs, Program Executive Officers, and program managers in support of major defense acquisition programs and other procurements with congressional and public interest, and served as the Army's legal representative on the Defense Acquisition Regulation Council.

Before his OGC position, Mark litigated in defense of the Army and Department of Defense agencies against bid protests before the Government Accountability Office and Court of Federal Claims, and contract appeals before the Armed Services Board of Contract Appeals. Mark also served as the deputy chief counsel for the Army's contracting command in Europe, and was an associate professor at the Army's Judge Advocate General's School, the premier federal government provider of contract and fiscal law education. He taught all aspects of government contract and fiscal law and was the recognized subject matter expert in bid protests, construction contracting, contingency contracting, and contractors on the battlefield. Prior to focusing on government contract law, Mark prosecuted felonies and misdemeanors and served as the sole legal advisor for a 4,500-person organization. While deployed to Iraq, he advised military commanders on international law compliance and advised senior officers investigating alleged war crimes. During his military career, Mark was also a platoon leader, an operations officer, and a branch chief in charge of congressional inquiries and line of duty investigations.

4

• National Industrial Security Program (“NISP”) & NISP Operating Manual (“NISPOM”)

• Personnel Security Clearance (“PCL”)

• Facility Security Clearance (“FCL”)

• Foreign Ownership, Control, or Influence (“FOCI”)

• Insider Threat Program Requirements

Agenda

National Industrial Security Program (“NISP”)

• Executive Order 12829, January 6, 1993

– Established the NISP to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the U.S. Gov’t

• “Contractors, licensees, and grantees” include current, former, and prospective

• Applies to all executive branch departments and agencies

• National Security Council provides overall policy direction

• NISP Policy Advisory Committee

– 16 Government, 8 Industry

6

NISP Operating Manual (“NISPOM”)

• Establishes requirements and safeguards to prevent unauthorized disclosure of classified information

• Numerous requirements, including: • Facility Clearances

• Personnel Security Clearances

• Foreign Ownership, Control, or Influence

• Training

• Classification & Marking

• Safeguarding of Classified Information

• Information System Security

• Subcontracting 7

Personnel Security Clearance (“PCL”)

• Employee may be processed for a PCL when the contractor determines that access is essential in the performance of a classified contract

• Contractors must limit PCL requests to the minimal number of employees necessary

– Requests may not be made to establish “pools” of cleared employees

• Investigation Types

– Single Scope Background Investigation (“SSBI”)

– National Agency Check with Local Agency Check and Credit Check (“NACLC”)

– Polygraph

• Reciprocity

• No Contractor-Granted Clearances

• U.S. Citizens Only

• Interim PCLs

8

Facility Security Clearance (“FCL”)

• Administrative determination that a company is eligible for access to classified information or award of a classified contract

– Contractors may NOT use the FCL for advertising

• Eligibility

– Must be sponsored by a Government contracting activity or a currently cleared contractor

– Must need access for legitimate government requirement

– Must be organized and existing, and be located, in one of the fifty states, D.C., or Puerto Rico

– Reputation for integrity and lawful conduct; not debarred

– Caution: Foreign Ownership, Control, or Influence

– PCLs for Facility Security Officer (“FSO”) (U.S. citizen) and senior management official

– Other officials obtain PCLs or be excluded from classified access 9

Foreign Ownership, Control, or Influence (“FOCI”)

• Policy. Allow foreign investment consistent with national security

• A U.S. company is under FOCI whenever a foreign interest has the power

– direct or indirect, whether or not exercised or exercisable

– to direct or decide matters affecting management or operations

– Which may result in unauthorized access to classified information or adversely affect performance of a classified contract

• Primary consideration shall be safeguarding classified information

• Company under FOCI is ineligible for an FCL until security measures are in place to negate or mitigate the FOCI

10

Foreign Ownership, Control, or Influence (“FOCI”)

• Factors:

– Record of economic and government espionage against U.S. targets

– Record of enforcement and/or engagement in unauthorized technology transfer

– The type and sensitivity of the information that shall be accessed

– The source, nature and extent of FOCI

• Majority or substantial minority position

• Immediate, intermediate, and ultimate parent companies

– Record of compliance with pertinent U.S. laws, regulations and contracts

– The nature of any bilateral and multilateral security and information exchange agreements

– Ownership or control, in whole or in part, by a foreign government

11

Insider Threat Program Requirements

• Executive Order 13587, “Structural Reforms to Improve Security of Classified

Networks and the Responsible Sharing and Safeguarding of Classified

Information”

• National Industrial Security Program Operating Manual (NISPOM) Conforming

Change 2 (pending), mandates for cleared defense contractors:

– Establishing insider threat program

– Designating insider threat senior official, cleared in connection with the FCL

– Self-assessments of insider threat programs

– Insider threat training for insider threat program personnel and awareness of

employees

– Monitoring network activity

12

Questions?

13