SMT007 Magazine

40 SMT007 MAGAZINE I JULY 2022 sidered CUI for you. e more likely situa- tion when you're producing parts that are pro- prietary is that other laws or regulations will still apply. For example, I might create prod- uct designs that are completely proprietary, but they may still be export controlled under the International Traffic and Arms Regulation (ITAR) or the Export Administration Regula- tion (EAR). ose are based on the nature of what you make, not who owns the data. Johnson: ere are different scopes of interest here. Bonner: ere really are. And that's why data management becomes so important in these discussions. It's a skill set that is not oen developed inside manufacturing organiza- tions, especially when they mostly execute on someone else's designs. ere needs to be a patron, if you will, somewhere up the supply chain who is the design authority on finished goods and is able to better slice and dice or dis- seminate the data they own in ways that stay inside all the legal bounds and don't over pre- scribe CUI protections. Johnson: But that's the conundrum, isn't it? For an EMS company, their role is to be a service provider; they take the pieces and solder them together. For the board fabricator, they're cre- ating a circuit board with no real knowledge of its purpose or function. Bonner: Absolutely. e real question becomes how customer data is leveraged in the perfor- mance of that work. Someone we call a pro- cess provider, who solders and assembles indi- vidual components into an overall assembly, in many cases, they don't generate many inter- nal data sets. ey're leveraging what is sent to them with the task order or the technical order. In those cases, they have very little control over the type of data they're receiving and whether it is export controlled or CUI. In those cases, these organizations must be prepared to match or meet the safeguarding requirements of the data set without prior knowledge of what it is before they receive it. Johnson: It gets tricky. You were just implying that somebody must own this. In the overall process, who owns it? Bonner: I think there's a misplaced sense of trust that DoD program managers own this, in the sense that they will create a pristine data protection plan for their program that com-

• SMT007 Magazine — July 2022
• Featured Content — Solving Data Security
• Additional Content
• Column — Data Security: It's Incumbent Upon You
• Feature Interview — Time to Get Serious About CMMC Readiness
• Short — Article Excerpt: Don't Hit the Snooze on Cybersecurity
• Feature Column — Zombie Cars: The Next Pandemic Is Digital
• Feature Article — How Important Is Trust?
• Infographic: CMMC 1.0 vs CMMC 2.0
• Feature Interview — CMMC 2.0: Are You Ready?
• FBI PSA: Business Email Compromise: The $43 Billion Scam
• Short — Scientists Create New Method to Kill Cyberattacks in Less Than a Second
• Feature Column — The Virtual Via Drum
• Electronics Industry News and Market Highlights
• Article — Solder Paste Printing and Optimizations for Interconnecting Back Contact Cells
• MilAero007 Highlights
• Interview — Balancing Talent and Procurement Challenges
• Supplier Highlights
• Column — Opening New Opportunities in Mexico
• Short — Lean Digital Thread: The Secure Digital Thread
• Column — Breaking Down the Math
• Top Ten Editor's Picks
• Career Opportunities section
• I-007e Educational Resource Center
• Advertiser Index and Masthead
• Problems Solved! Subscribe to our magazines.