Stony Brook University (SBU) faculty, staff, and students travels internationally
on university-related business (e.g., conferences, sabbaticals, research, surveys,
collaborations, delegations, student recruitment) to many locations and may bring
university-owned items (e.g., laptops, cellphones, materials, data, equipment) or
personal owned items containing SBU information.
All persons traveling internationally on University-related travel, regardless of
funding source, are required to pre-register their travel in Concur. The SBU Concur website is available here.
Understand the Research Security Risks Associated with International Travel
Travelers should be aware that:
When traveling internationally, there is no expectation of privacy.
In a destination country, U.S. ports of entry and in transit, eavesdropping may take
place on all electronic devices (see Cybersecurity below).
Cybersecurity: Protect Electronic Devices and Data (all types)
Researchers, as well as faculty and staff, traveling internationally with SBU (any
university source of funds) owned electronic devices or personal electronic devices
that contain SBU (any university or research) information or applications must protect
these electronic devices, and the data they contain, in accordance with SBU policies/processes.
Below is excerpted guidance on how to secure your devices from the Division of Information Technology's IT Security Considerations While Traveling.
Note for travel to some countries, e.g., China, Russian, Iran, it is recommended to
not bring any electronic devices.
Bring only the devices (laptops, phone, tablets) you absolutely need. If you must
bring devices:
Remove all information not essential to the travel.
Do not take confidential, classified, proprietary, unpublished or high-risk data.
Update all antivirus, security patches, and firewalls.
Set up password protection on any device.
Install only the mininum number of applications needed.
Encrypt your hard drive (be sure to check your destination country before doing so,
encryption is illegal in some countries).
Public locations and resources may be targeted by attackers to transfer the information
that you send to their unauthorized networks or systems.
Do not connect to free Wi-Fi hotspots at untrusted locations. Avoid using them whenever
possible and never access sensitive data while connected to one.
Disable wireless and bluetooth when not in use.
Connect to the campus VPN before accessing campus resources.
While browsing the Web, never ignore a warning message regarding a website's SSL security
certificate being invalid.
Never charge your device using publicly available charging cables or publicly available
USB ports.
Assume that any device and all credentials used while abroad have been compromised.
Wipe the device and reset all credentials that were used while traveling upon return.
This may seem excessive, but it is common for passwords to be intercepted and malware
to be secretly installed on a device while visiting another country, with the primary
goal of compromising the network you connect to when you return to the United States.
Physical Security: Protect Devices
Researchers, as well as faculty and staff, traveling internationally should keep devices
under their control during international travel.
Keep devices and information secure when you travel:
Carry devices on your person.
Do not leave devices unattended in a public area
Do not transport them in checked baggage.
Use a privacy screen to ensure that no one can shoulder surf or view the information
on your monitor.
Store devices in a locked location such as a hotel safe or use physical cable locks.
Export Controls
In addition to cybersecurity and physical security of devices, an export license or
documented export license may be needed to transport items internationally. For
additional information review the Send a Shipment or Hand-Carry Items Internationally guidance.
Travel to an embargoed/sanctioned country (i.e, Cuba, Iran, North Korea, Russia, Syria
or Ukraine (specific regions) to conduct any SBU related activities must be reviewed
by the Export Control compliance team. Most activities require an export license or documented export license exception/general
license.
In general, standard business and personal laptops, PDAs and cell phones either don't
require a license for the destination (e.g. Germany, England) or can be taken under
a Tools of the Trade license exception to the Export Administration Regulations (EAR). This does not apply to Cuba, Iran, North Korea, Russia, Syria or other OFAC sanctioned
countries.
Contain after market applications or software that is restricted for U.S. use only.
When using this exception, the devices must stay under your effective control (physical
security) and must return within one-year.
International travel with field equipment and/or research materials may require an
export license. Contact the Export Control Compliance team before taking or shipping field equipment or research materials.
Federal Sponsor Requirements
Researchers with federal funding must understand and federal sponsor requirements
and/or restrictions for international travel on their awards before traveling internationally.
Contact the Office of Grants Management for questions regarding charging your international
travel to a sponsored award.
Sponsored awards that do not have international travel budgeted may require prior
sponsor approval.
Travel on sponsored awards must be for the benefit of the sponsored award.
Contact the Office of Sponsored Programs for questions regarding the conduct of research
projects at international locations.
Sponsored awards may require prior approval for international research locations and/or
partners.
