US Bans Selling Spyware

The US Commerce Department has announced that it will apply tighter controls on companies selling hacking tools to certain foreign governments. US companies will soon need to obtain a license to sell certain kinds of software, and the new rule specifically includes cyber security tools that could be used for hacking or surveillance.

The rule issued by the agency’s Bureau of Industry and Security (BIS) will require companies to obtain a license to sell hacking technology to certain countries deemed threats to US interests and will come into effect in January 2022.

BIS will establish “controls on the export, re-export or transfer (in-country) of certain items that can be used for malicious cyber activities.” The rule also creates a new License Exception Authorised Cybersecurity Exports (ACE) and requests public comments on the projected impact of the proposed controls on US industry and the cyber security community. 

The lengthy rule is complicated, but would require US firms to secure a license to export select cyber technologies to countries “of national security or weapons of mass destruction concern,” including Russia and China. 

The rule includes license requirements for companies that wish to sell cyber technologies to companies under US arms embargo, or users who could intentionally misuse products. “These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” the interim rule reads. The new rule has been under preparation for several years and the BIS received nearly 300 comments about the proposed rule, including concerns that changes might limit legitimate cyber research and incident response activities. 

According to BIS, the agency “conducted extensive outreach with the security industry, financial institutions, and government agencies that manage cybersecurity” before scrapping some of the rule’s original conditions, bringing the US government on par with 42 other nations that are members of the Wassenaar Arrangement. This is an international arrangement that sets voluntary export controls on some items with military and civilian purposes.

The interim rule imposes regulations on the sale of hacking tools, which most other member nations had already done. “The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights... The Commerce Department’s interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America’s national security against malicious cyber actors while ensuring legitimate cybersecurity activities,” Secretary of Commerce Gina Raimondo said.

It is unclear how effective the controls will be in slowing efforts by countries such as Israel, China and Russia to amass more hacking expertise.

These countries already command extensive cyber power, security experts say, with China investing heavily in emerging technologies and Moscow providing safe harbor to criminal hacking gangs that target the US and other rival nations. Israel is the location of several companies with expertise in surveillance and spyware techniques. A spokesman for the Chinese Embassy in Washington said China is a frequent target of cyber attacks and the export controls highlight US hacking capabilities.

While state-sponsored foreign hackers mainly target other government systems, there's no shortage of domestic and overseas hackers attempting to infiltrate businesses and personal accounts.

Sources: NextGov, US Commerce Dept, Reuters, WSJ, The Record, Stratfor Worldview, MSPP Alert, Tech.co
