US Bans Selling Spyware

The US Commerce Department has announced that it will apply tighter controls on companies selling hacking tools to certain foreign governments and US companies will soon need to obtain a license to sell certain kinds of software. The new rule specifically includes cyber security tools that could be used for hacking or surveillance. 

The rule issued by the agency’s Bureau of Industry and Security (BIS) will require companies to obtain a license to sell hacking technology to certain countries deemed threats to US interests and will come into effect in January 2022.

BIS will establish “controls on the export, re-export or transfer (in-country) of certain items that can be used for malicious cyber activities.” The rule also creates a new License Exception Authorised Cybersecurity Exports (ACE) and requests public comments on the projected impact of the proposed controls on US industry and the cyber security community. 

The lengthy rule is complicated, but would require US firms to secure a license to export select cyber technologies to countries “of national security or weapons of mass destruction concern,” including Russia and China. 

The rule includes license requirements for companies that wish to sell cyber technologies to companies under US arms embargo, or users who could intentionally misuse products. “These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” the interim rule reads. The new rule has been under preparation for several years and the BIS received nearly 300 comments about the proposed rule, including concerns that changes might limit legitimate cyber research and incident response activities. 

 According to BIS, the agency “conducted extensive outreach with the security industry, financial institutions, and government agencies that manage cybersecurity” before scrapping some of the rule’s original conditions, bringing the US government on par with 42 other nations that are members of the Wassenaar Arrangement. This is an international arrangement that sets voluntary export controls on some military and civilian purposes.

The interim rule imposes regulations on the sale of hacking tools, which most other member nations had already done. “The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights... The Commerce Department’s interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America’s national security against malicious cyber actors while ensuring legitimate cybersecurity activities,” Secretary of Commerce Gina Raimondo said.

It is unclear how effective the controls will be in slowing countries such as Israel, China and Russia from amassing more hacking expertise. 

These countries already command extensive cyber power, security experts say, with China investing heavily in emerging technologies and Moscow providing safe harbor to criminal hacking gangs that target the US and other rival nations.  Israel is the location of several companies with expertise in surveillance and spyware techniques. A spokesman for the Chinese Embassy in Washington said China is a frequent target of cyber attacks and the export controls highlight US hacking capabilities.

While state-sponsored foreign hackers mainly target other government systems, there's no shortage of domestic and overseas hackers attempting to infiltrate businesses and personal accounts.

NextGov:   US Commerce Dept:    Reuters:    WSJ:    The Record:    Stratfor Worldview:   MSPP Alert:    Tech.co 

You Might Also Read: 

Heads Of State On NSO Spyware List:

 

« The Smart Cities Revolution
Internet Phone Providers Under Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

TorGuard

TorGuard

TorGuard is a Virtual Private Network services provider offering secure encrypted access to the internet.

Improsec

Improsec

Improsec is a fully independent Cyber Security advisory company - we provide knowledge, experience and both strategic and deep technical expertise to our clients.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

CSIRO is Australia's national science agency. We solve the greatest challenges through innovative science and technology.

CYSEC Global

CYSEC Global

CYSEC Global is a series of summits dedicated to tackle regional cyber security challenges.