AGREEMENT BETWEEN THE DEPARTMENT OF DEFENSE OF THE UNITED STATES OF AMERICA AND THE GOVERNMENT OF THE KINGDOM OF SWEDEN CONCERNING COOPERATION ON INFORMATION ASSURANCE IA AND COMPUTER NETWORK DEFENSE CND Short Title U S - SWEDEN IA CND AGREEMENT THIS DOCUMENT IS CERTIFIED TO BE A TRUE COPY CERTIFIED BY Mr Mark G Hall Office of the Assistant Secretary of Defense Networks and Information Integration Director Information Assurance Policy and Strategy GS-15 TABLE OF CONTENTS PREAMBLE 3 ARTICLE I 4 4 DEFINITION OF TERMS 6 ARTICLE II 6 OBJECTIVE AND SCOPE 7 ARTICLE III 7 MANAGEMENT 11 ARTICLE IV CHANNELS OF COMMUNICATION AND VISITS 11 12 ARTICLE V 12 FINANCIAL ARRANGEMENTS 13 ARTICLE VI 13 CONTRACTUAL ARRANGEMENTS 14 ARTICLE VII DISCLOSURE AND USE OF IA CND INFORMATION 14 16 ARTICLE VIII CONTROLLED UNCLASSIFIED INFORMATION 16 ARTICLE IX 17 SECURITY 17 19 ARTICLE X 19 THIRD PARTY TRANSFERS 20 ARTICLE XI 20 SETTLEMENT OF DISPUTES 21 ARTICLE XII 21 GENERAL PROVISIONS 22 ARTICLE XIII ENTRY INTO FORCE AMENDMENT TERMINATION AND DURATION 2 22 PREAMBLE The Department of Defense of the United States of America U S DoD and the Government of the Kingdom of Sweden hereinafter referred to as the Parties Recognizing that the Exchange of Notes constituting the General Security of Military Information Agreement between the Government of the Kingdom of Sweden and the Government of the United States of America which entered into force December 23 1981 applies to this Agreement Recognizing the successful collaboration under the Agreement between the Department of Defense of the United States of America and the Government of the Kingdom of Sweden Concerning Exchange of Research and Development Information Short Title Sweden-U S Master Information Exchange Agreement which entered into force June 13 1997 and the Information Exchange Annex D-05-SW-0002 Concerning Information Assurance which entered into force December 7 2005 Having a common interest in defense Recognizing the benefits to be obtained from the mutual support in coordinating information assurance and computer network defense matters Desiring to improve their conventional defense capabilities through the exchange of Information Assurance Computer Network Defense Information IA CND Information and in the planning and execution of combined military operations and Recognizing the benefits to the Parties of cooperation in the mutual exchange of information related to cyber defense Have agreed as follows 3 ARTICLE I DEFINITION OF TERMS 1 1 The Parties have jointly decided upon the following definitions for terms used in this Agreement Authorities Government officials listed in this Agreement who are authorized to act on behalf of the Parties in matters pertinent to the implementation of this Agreement Classified Information Official information that requires protection in the interests of national security and is so designated by the application of a security classification marking This information may be in oral visual magnetic or documentary form or in the form of equipment technology Computer Network Defense CND Actions taken to protect monitor analyze detect and respond to unauthorized activity within information systems and computer networks The unauthorized activity may include disruption denial degradation destruction exploitation or access to computer networks information systems or their contents or theft of information CND protection activity employs IA protection activity CND response includes alert or threat information monitoring analysis detection activities and trend and pattern analysis Contractor Support Personnel Persons specifically identified as providing administrative managerial scientific or technical support services to a Party under a support contract Controlled Unclassified Information Unclassified information to which access or distribution limitations have been applied in accordance with applicable national laws or regulations It includes information that has been declassified but remains controlled Designated Security Authority The security authority designated by national authorities to be responsible for the coordination and implementation of national industrial security aspects of this Agreement Establishments Government organizations listed in this Agreement that provide or have an interest in the information to be exchanged through the Project Officers or Executive Agents Executive Agents Government organizations listed in this Agreement that are authorized to act on behalf of the Authorities and that have responsibility for implementation management and data or information exchange procedures pertinent to this Agreement Information Assurance Computer Network Defense Information IA CND Information Any IA or CND knowledge that can be communicated by any means regardless of form or type including but not limited to scientific technical business or financial knowledge whether or not subject to copyright patents or other legal protection Information Assurance IA Confidentiality integrity availability authentication and nonrepudiation of information systems or information being handled by the information systems including actions to protect and defend these systems Intellectual Property In accordance with the World Trade Organization Agreement on Trade-related Aspects of Intellectual Property Rights of April 15 1994 all copyright and related rights all rights in relation to inventions including patent rights all rights in registered and unregistered trademarks including service marks registered and unregistered designs undisclosed information including trade secrets and know-how layout designs of integrated circuits and geographical indications and any other rights resulting from creative activity in the industrial scientific literary and artistic fields Party A signatory to this Agreement represented by its military or civilian personnel Contractors and Contractor Support Personnel shall not be representatives of a Party under this Agreement Project Officers Representatives of Government organizations who are specifically authorized by AUthorities to maintain policy oversight of IA and CND activities Response All actions taken to handle incidents reported by or affecting members of the Parties Standard Operating Procedure SOP Procedure to share IA CND Information Third Party A government or entity other than a Party or a Government of a Party and any person or other entity whose government is not a Party or the Government of a Party ARTICLE II OBJECTIVE AND SCOPE 2 1 The objective of this Agreement is to conduct information exchanges and related activities between the Swedish Ministry of Defense MOD on behalf of the Government of the Kingdom of Sweden and DoD including the U S European Command USEUCOM in matters of IA and CND The Parties shall conduct bilateral IA and CND activities and IA CND Information sharing to contribute to both Parties' common goals of protecting information networks Actions carried out within the scope of this Agreement shall result in enhanced defensive capabilities to 2 1 1 improve the confidentiality integrity and availability of the information and the information systems used to transmit and process information for decision-makers 2 1 2 enhance the interoperability of U S and Swedish forces 2 1 3 improve cyber attack prediction detection and response capabilities and 2 1 4 improve interoperability policy development configuration management and standardization of information and information systems to provide for more robust and reliable command and control systems 2 2 The scope of this Agreement shall include 2 2 1 developing a Standard Operating Procedure SOP and 2 2 2 identifying technical solutions or administrative documentation required for the continuous exchange of IA CND Information 2 3 Exchanges of information under this Agreement shall be on a reciprocal balanced basis such that the information provided or exchanged between the Parties or through the designated Project Officers and Executive Agents shall be of approximately equivalent value quantitatively and qualitatively 2 4 No defense equipment or services may be exchanged or provided under this Agreement 6 ARTICLE III MANAGEMENT 3 1 The Parties hereby establish the following Authorities for this Agreement or their equivalents in the event of reorganization U S DoD Sweden Assistant Secretary of Defense ASD Networks and Information Integration NII Swedish Defense Material Administration FMV 3 2 The Authorities shall be responsible for 3 2 1 reviewing and recommending for approval to the Parties amendments to this Agreement in accordance with Article XIII Entry into Force Amendment Termination and Duration of this Agreement 3 2 2 exercising executive-level oversight of efforts provided in this Agreement 3 2 3 resolving issues brought forth by the Project Officers 3 2 4 designating the Project Officers and updating the list of Establishments and 3 2 4 employing best efforts to resolve in consultation with the export control authorities of the Parties any export control issues raised by the Project Officers in accordance with subparagraph 3 4 8 or raised by a Party's Authority in accordance with paragraph 3 12 of this Article 3 3 The following Project Officers for this Agreement are responsible for the management of this Agreement and shall represent the Authorities U S DoD Sweden Director International Information Assurance Program Office of the Assistant Secretary of Defense OASD Networks and Information Integration NII Chief Information Officer Swedish Armed Forces Headquarters 3 4 Project Officers for this Agreement shall be responsible for 3 4 1 exercising policy oversight of activities under this Agreement 3 4 2 resolving issues brought forth by Executive Agents 3 4 3 referring to the Authorities issues that cannot be mutually resolved by the Project 7 Officers 3 4 4 Agreement 3 4 5 recommending to the Authorities the amendment or termination of this establishing and maintaining annual objectives for this Agreement as appropriate 3 4 6 Monitoring Third Party sales and authorized transfers in accordance with Article X Third Party Transfers of this Agreement 3 4 7 providing oversight to the U S -Sweden Information Assurance Working Group IAWG described in paragraph 3 7 of this Article and 3 4 8 Monitoring export control arrangements required to implement this Agreement and if applicable referring immediately to the Authorities any export control issues that could adversely affect the implementation of this Agreement 3 5 The Executive Agents for this Agreement who shall act as the designated functional points of contact and have responsibility for implementation of the Agreement and data information exchange procedures are U S DoD Sweden 3 6 U S European Command USEUCOM SwAF Network And Telecommunications Unit CND-Unit ITF The Executive Agents shall 3 6 1 exercise day-to-day management of Agreement implementation activities and information exchanges 3 6 2 maintain oversight of the security aspects of this Agreement in accordance with Article VII Disclosure and Use of IA CND Information Article VIII Controlled Unclassified Information and Article IX Security of this Agreement and 3 6 3 establish and co-chair the Information Assurance Working Group IAWG described in paragraph 3 7 of this Article 3 7 The Authorities with the Project Officers shall establish a working group consisting of appropriate representatives to develop and maintain SOPs The working group is designated as the U S - Sweden Information Assurance Working Group IAWG The IAWG shall maintain overall control for IA CND activities within the scope of this Agreement 3 8 The U S -Sweden IAWG shall at a minimum meet annually and as required to administer and coordinate IA and CND activities The U S -Sweden IAWG shall determine the frequency and nature of the IA CND Information exchanges and shall establish procedures for rapid exchanges of CND-related information during periods of crisis or hostilities 8 3 9 The U S -Sweden IAWG shall be responsible for 3 9 1 3 9 2 Agreement providing required information to the Project Officers as requested by the Parties reviewing and providing progress reports to the Parties of activities under this resolving bilateral IA and CND issues or forwarding to the Project Officers issues 3 9 3 that cannot be resolved at their level 3 9 4 reviewing and forwarding to the Parties recommended amendments to this Agreement in accordance with Article XIII Entry into Force Amendment Termination and Duration of this Agreement 3 9 5 maintaining oversight of the security aspects of this Agreement and 3 9 6 developing and maintaining the SOP for information exchanges 3 10 The Establishments for this Agreement are U S DoD Sweden 1 U S European Command USEUCOM 2 U S Strategic Command USSTRATCOM and Joint Task Force-Global Network Operation JTF-GNO 3 Defense Information Systems Agency DISA 4 Defense-wide Information Assurance Program DIAP 1 Swedish Armed Forces FM 2 Swedish Defense Material Administration FMV 3 Swedish Defense Research Agency FOl 3 11 The Establishments may 3 11 1 provide or receive IA CND Information to be exchanged through Project Officers or Executive Agents and 3 11 2 receive IA CND Information directly from the originating Party with its consent 3 12 If a Party finds it necessary to exercise a restriction on the retransfer of exportcontrolled information as set out in paragraph 7 10 of Article VII Disclosure and Use of Project Information of this Agreement it shall promptly inform the other Party If a restriction is then exercised and an affected Party objects that Party's Authority shall 9 promptly notify the other Party's Authority and they shall immediately consult in order to discuss ways to resolve such issues or mitigate any adverse effects 10 ARTICLE IV CHANNELS OF COMMUNICATION AND VISITS 4 1 IA CND Information may only be exchanged by those Project Officers Executive Agents and U S or Swedish individuals who are authorized to do so and are either appointed members of the U S -Sweden IAWG or are authorized representatives of Establishments IA CND Information exchanged between the Parties shall be forwarded via Government-toGovernment channels for appropriate dissemination Each Party shall permit visits to its Government facilities agencies and laboratories and 4 2 contractor industrial facilities by employees or Contractor Support Personnel of the other Party provided that the visit is authorized by both Parties and the employees have all necessary and appropriate security clearances and need-to-know All visiting personnel shall be required to comply with security regulations and 4 3 procedures of the host Party Any information disclosed or made available to visitors shall be treated as if supplied to the Party sponsoring the visiting personnel and shall be subject to the provisions of this Agreement Requests for visits by personnel of one Party to a facility of the other Party shall be 4 4 coordinated through official channels and shall conform with the established visit procedures of the host Party Requests for visits shall bear the name of this Agreement and include a proposed list of topics to be discussed Lists of personnel of each Party required to visit on a continuing basis facilities of the 4 5 other Party shall be submitted through official channels in accordance with recurring visit procedures 11 ARTICLE V FINANCIAL ARRANGEMENTS Each Party shall bear the full costs of its participation under this Agreement No funds 5 1 shall be transferred between the Parties A Party shall promptly notify the other Party if available funds are not adequate to fulfill its responsibilities under this Agreement 4 12 ARTICLE VI CONTRACTUAL ARRANGEMENTS 6 1 This Agreement provides no authority for placing contracts on behalf of the other Party in connection with any IA CND Information exchanges under this Agreement Furthermore this Agreement creates no responsibility to put in place contracts to implement any IA CND Information exchanges under this Agreement 6 2 Each Party shall legally bind its contractors to a requirement that the contractor shall not retransfer or otherwise use export-controlled information furnished by the other Party for any purpose other than the purposes authorized under this Agreement The contractor shall also be legally bound not to retransfer the export-controlled information to another contractor or subcontractor unless that contractor or subcontractor has been legally bound to limit use of the information to the purposes authorized under this Agreement Export-controlled information furnished by one Party under this Agreement may only be retransferred by another Party to its contractors if the legal arrangements required by this paragraph have been established 13 ARTICLE VII DISCLOSURE AND USE OF IA CND INFORMATION 7 1 Only information related to IA and CND shall be provided or exchanged under this Agreement 7 2 Relevant information within the scope of this Agreement may be provided or exchanged bilaterally between the Parties according to the disclosure policies of the originating Party 7 3 Information shall be provided or exchanged only when it may be done in accordance with the following provisions 7 3 1 Information may be made available only if the rights of holders of Intellectual Property rights are not infringed and Disclosure must be consistent with the respective national laws regulations and 7 3 2 policies of the originating Party 7 4 All IA CND information that is subject to Intellectual Property rights shall be identified and marked and it shall be handled as Controlled Unclassified Information or as Classified Information depending on its security classification 7 5 Information that is exchanged under this Agreement shall be disclosed to Third Parties by the receiving Party only in accordance with Article X Third Party Transfers of this Agreement 7 6 This Agreement does not alter the Parties' policies or procedures regarding the exchanges of intelligence or intelligence-related information nor does it provide authority for exchanges of intelligence information beyond that of existing Government instructions and notices governing exchange of intelligence information 7 7 IA CND Information provided by the Parties under this Agreement may be used by the other Party solely for information evaluation and planning purposes consistent with Article II Objective and Scope of this Agreement IA CND Information shall not be used by the receiving Party for any purpose other than the purpose for which it was furnished without the specific prior written consent of the furnishing Party specifying the authorized use of the IA CND Information The receiving Party shall not disclose IA CND Information exchanged under this Agreement to contractors or any other persons other than its Contractor Support Personnel without the specific written consent of the furnishing Party IA CND Information that is exchanged under this Agreement shall only be disclosed to Third Parties by the receiving Party in accordance with Article X Third Party Transfers of this Agreement The receiving Party shall ensure that Contract Support Personnel contractors or any 7 8 other persons to whom it discloses IA CND Information received under this Agreement are placed under a legally binding obligation to comply with the provisions of this Agreement 14 7 9 No transfer of ownership of IA CND Information shall take place under this Agreement IA CND Information shall remain the property of the originating Party or its contractors 7 10 Transfer of IC CND Information shall be consistent with the furnishing Party's applicable export control laws and regulations Unless otherwise restricted by duly authorized officials of the furnishing Party at the time of transfer to another Party all exportcontrolled information furnished by that Party to another Party may be retransferred to the other Party's Contractor Support Personnel subject to the requirements of paragraph 6 2 of Article VI Contractual Arrangements of this Agreement Export-controlled information may be furnished by Contractor Support Personnel of one Party to the Contractor Support Personnel other the other Party pursuant to this Agreement subject to the conditions established in licenses or other approvals issued by the Government of the former Party furnishing the information in accordance with its applicable export control laws and regulations 7 11 Each Party shall notify the other Party of any Intellectual Property infringement claims made in its territory as a result of the exchange of information pursuant to this Agreement Insofar as possible the other Party shall provide information available to it that may assist in defending the claim Each Party shall be responsible for handling all Intellectual Property infringement claims made in its territory and shall consult with the other Party during the handling and prior to any settlement of such claims 7 12 No export-controlled information shall be provided or exchanged by either Party except as otherwise provided in this Agreement 15 ARTICLE VIII CONTROLLED UNCLASSIFIED INFORMATION Except as otherwise provided in this Agreement or as authorized in writing by the 8 1 furnishing Party Controlled Unclassified Information provided or generated pursuant to this Agreement shall be controlled as follows Such information shall be used only for the purposes specified in Article VII 8 1 1 Disclosure and Use of IA CND Information of this Agreement Access to Controlled Unclassified Information shall be limited to personnel whose 8 1 2 access is necessary for the permitted use under subparagraph 8 1 1 of this Article and shall be subject to the provisions of Article X Third Party Transfers of this Agreement and Each Party shall take all lawful steps which may include national classification 8 1 3 available to it to keep Controlled Unclassified Information free from further disclosure including requests under any legislative provisions except as provided in subparagraph 8 1 2 of this Article unless the originating Party consents to such disclosure In the event of unauthorized disclosure or if it becomes probable that the information may have to be further disclosed under any legislative provision immediate notification shall be given to the originating Party To assist in providing the appropriate controls the originating Party shall ensure that 8 2 Controlled Unclassified Information is appropriately marked to indicate its in confidence nature The Parties shall decide in advance and in writing on the markings to be placed on the Controlled Unclassified Information Prior to authorizing the release of Controlled Unclassified Information to contractors the 8 3 Parties shall ensure the contractors are legally bound to control Controlled Unclassified Information in accordance with the provisions of this Article 16 ARTICLE IX SECURITY All Classified Information provided pursuant to this Agreement shall be used stored 9 1 handled transmitted and safeguarded in accordance with the Exchange of Notes constituting the General Security of Military Information Agreement between the Government of the Kingdom of Sweden and the Government of the United States of America which entered into force December 23 1981 9 2 Classified Information shall be transferred only through official Government-toGovernment channels or through channels approved by the Designated Security Authorities of the Parties Such Classified Information shall bear the level of classification and denote the country of origin and the provisions of release and the fact that the Classified Information relates to this Agreement Each Party shall take all appropriate lawful steps available to it to ensure that Classified 9 3 Information provided or generated pursuant to this Agreement is protected from further disclosure except as provided by paragraph 9 6 of this Article unless the other Party consents to such disclosure Accordingly each Party shall ensure that 9 3 1 The recipient Party shall not release the Classified Information to any Third Party without the prior written consent of the originating Party in accordance with the procedures set forth in Article X Third Party Transfers of this Agreement 9 3 2 The recipient Party shall not use the Classified Information for other than the purposes provided for in this Agreement 9 3 3 The recipient Party shall comply with any distribution and access restrictions on Classified Information that is provided under this Agreement Each Party shall undertake to maintain the security classifications assigned to Classified 9 4 Information by the originating Party and shall afford to such Classified Information the same degree of security protection provided by the originating Party Each Party shall ensure that access to the Classified Information is limited to those 9 5 persons who possess the requisite security clearances and have a specific need for access to such Classified Information 9 6 The Parties shall investigate all cases in which it is known or when there are grounds for suspecting that Classified Information provided pursuant to this Agreement has been lost or disclosed to unauthorized persons Each Party shall also promptly and fully inform the other Party of the details of any such occurrence the final results of the investigation and corrective action taken to preclude recurrence 17 9 7 For any facility wherein Classified Information is to be used the responsible Party or Establishment shall approve the appointment of a person or persons to exercise effectively the responsibilities for safeguarding at such facility the Classified Information pertaining to this Agreement These officials shall be responsible for limiting access to Classified Information involved in this Agreement to those persons who have been properly approved for access and have a need-to-know Information provided or generated pursuant to this Agreement may be classified as high 9 8 as SECRET The•existence of this Agreement is UNCLASSIFIED and the contents are UNCLASSIFIED 18 ARTICLE X THIRD PARTY TRANSFERS 10 1 The Parties shall not sell transfer title to disclose or transfer possession of IA CND Information received under this Agreement to any Third Party without the prior written consent of the Government of the Party that provided that IA CND Information under this Agreement Furthermore neither Party shall permit any such sale disclosure or transfer including by the owner of the IA CND Information without the prior written consent of the Government of the other Party Such consent shall not be given unless the Government of the intended recipient confirms in writing to the other Party that it shall 10 1 1 Not retransfer or permit the further retransfer of IA CND Information provided 10 1 2 Use or permit the use of the equipment or IA CND Information provided only for the purposes specified by the Parties 10 2 The providing Party's Government shall be solely responsible for authorizing such transfers and approving the purpose of such transfers and as applicable specifying the method and provisions for implementing such transfers 19 ARTICLE XI SETTLEMENT OF DISPUTES 11 1 Disputes between the Parties arising under or relating to this Agreement shall be resolved only by consultation between the Parties and shall not be referred to a national court to an international tribunal or to any other person or entity for settlement 20 ARTICLE XII GENERAL PROVISIONS 12 1 The activities carried out under this Agreement shall be carried out in accordance with the Parties' respective national laws and regulations including their export control laws and regulations The obligations of the Parties shall be subject to the availability of funds for such purposes 12 2 This Agreement does not replace amend or terminate any existing bilateral information exchanges or cooperative programs 21 ARTICLE XIII ENTRY INTO FORCE AMENDMENT TERMINATION AND DURATION 13 1 This Agreement which consists of a Preamble and thirteen Articles shall enter into force upon signature by both Parties and shall remain in force for fifteen 15 years The Parties shall consult no later than one year prior to the expiration of this Agreement to decide whether to extend its duration 13 2 This Agreement may be amended or extended upon the mutual written agreement of the Parties which shall be signed by both Parties' Authorities in accordance with subparagraph 3 2 1 of Article III Management of this Agreement 13 3 This Agreement may be terminated at any time upon the written agreement of the Parties In the event both Parties agree to terminate this Agreement the Parties shall consult prior to the date of termination to ensure termination on the most economical and equitable terms 13 4 Either Party may terminate this Agreement upon 90 days written notification of its intent to terminate to the other Party Such notification shall be the subject of immediate consultation by the IAWG to decide upon the appropriate course of action to conclude theactivities under this Agreement In the event of such termination the terminating Party shall continue participation financial or otherwise up to this effective date of termination 13 5 The respective rights and responsibilities of the Parties regarding Article VII Disclosure and Use of IA CND Information Article VIII Controlled Unclassified Information Article IX Security and Article X Third Party Transfers of this Agreement shall continue notwithstanding termination or expiration of this Agreement 22 IN WITNESS WHEREOF the undersigned being duly authorized have signed this Agreement concerning Cooperation on Information Assurance IA and Computer Network Defense CND DONE in duplicate in the English language For the Department of Defense of the United For the G eminent of the Kingdom of Swed States of America S ly ture John G Grimes Name Gunnar Holmgren Name Assistant Secretary of Defense Networks and Information Integration Title Director General Defence Materiel Administration Title Date Location l'fAt ' Loo 1 Date 54 ik4 Location 23
OCR of the Document
View the Document >>