US Bans Selling Spyware

The US Commerce Department has announced that it will apply tighter controls on companies selling hacking tools to certain foreign governments and US companies will soon need to obtain a license to sell certain kinds of software. The new rule specifically includes cyber security tools that could be used for hacking or surveillance. 

The rule issued by the agency’s Bureau of Industry and Security (BIS) will require companies to obtain a license to sell hacking technology to certain countries deemed threats to US interests and will come into effect in January 2022.

BIS will establish “controls on the export, re-export or transfer (in-country) of certain items that can be used for malicious cyber activities.” The rule also creates a new License Exception Authorised Cybersecurity Exports (ACE) and requests public comments on the projected impact of the proposed controls on US industry and the cyber security community. 

The lengthy rule is complicated, but would require US firms to secure a license to export select cyber technologies to countries “of national security or weapons of mass destruction concern,” including Russia and China. 

The rule includes license requirements for companies that wish to sell cyber technologies to companies under US arms embargo, or users who could intentionally misuse products. “These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” the interim rule reads. The new rule has been under preparation for several years and the BIS received nearly 300 comments about the proposed rule, including concerns that changes might limit legitimate cyber research and incident response activities. 

 According to BIS, the agency “conducted extensive outreach with the security industry, financial institutions, and government agencies that manage cybersecurity” before scrapping some of the rule’s original conditions, bringing the US government on par with 42 other nations that are members of the Wassenaar Arrangement. This is an international arrangement that sets voluntary export controls on some military and civilian purposes.

The interim rule imposes regulations on the sale of hacking tools, which most other member nations had already done. “The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights... The Commerce Department’s interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America’s national security against malicious cyber actors while ensuring legitimate cybersecurity activities,” Secretary of Commerce Gina Raimondo said.

It is unclear how effective the controls will be in slowing countries such as Israel, China and Russia from amassing more hacking expertise. 

These countries already command extensive cyber power, security experts say, with China investing heavily in emerging technologies and Moscow providing safe harbor to criminal hacking gangs that target the US and other rival nations.  Israel is the location of several companies with expertise in surveillance and spyware techniques. A spokesman for the Chinese Embassy in Washington said China is a frequent target of cyber attacks and the export controls highlight US hacking capabilities.

While state-sponsored foreign hackers mainly target other government systems, there's no shortage of domestic and overseas hackers attempting to infiltrate businesses and personal accounts.

NextGov:   US Commerce Dept:    Reuters:    WSJ:    The Record:    Stratfor Worldview:   MSPP Alert:    Tech.co 

You Might Also Read: 

Heads Of State On NSO Spyware List:

 

« The Smart Cities Revolution
Internet Phone Providers Under Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Veriato

Veriato

Veriato develops intelligent solutions that provide companies with visibility into the human behaviors and activities occurring within their network, making them more secure and productive.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

Circadence

Circadence

Circadence offer the only fully immersive, AI-powered, patent-pending, proprietary cybersecurity training platform in the market today.

K2 Cyber Security

K2 Cyber Security

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

Complete Cyber

Complete Cyber

Complete Cyber provide professional cybersecurity services and products to help secure your infrastructure, systems and data.

DataTrails

DataTrails

DataTrails enables organizations to prove and verify the provenance and authenticity of any data they use in their business operations.