US Bans Selling Spyware

Uploaded on 2021-11-02 in INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

The US Commerce Department has announced that it will apply tighter controls on companies selling hacking tools to certain foreign governments and US companies will soon need to obtain a license to sell certain kinds of software. The new rule specifically includes cyber security tools that could be used for hacking or surveillance. 

The rule issued by the agency’s Bureau of Industry and Security (BIS) will require companies to obtain a license to sell hacking technology to certain countries deemed threats to US interests and will come into effect in January 2022.

BIS will establish “controls on the export, re-export or transfer (in-country) of certain items that can be used for malicious cyber activities.” The rule also creates a new License Exception Authorised Cybersecurity Exports (ACE) and requests public comments on the projected impact of the proposed controls on US industry and the cyber security community. 

The lengthy rule is complicated, but would require US firms to secure a license to export select cyber technologies to countries “of national security or weapons of mass destruction concern,” including Russia and China. 

The rule includes license requirements for companies that wish to sell cyber technologies to companies under US arms embargo, or users who could intentionally misuse products. “These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” the interim rule reads. The new rule has been under preparation for several years and the BIS received nearly 300 comments about the proposed rule, including concerns that changes might limit legitimate cyber research and incident response activities. 

 According to BIS, the agency “conducted extensive outreach with the security industry, financial institutions, and government agencies that manage cybersecurity” before scrapping some of the rule’s original conditions, bringing the US government on par with 42 other nations that are members of the Wassenaar Arrangement. This is an international arrangement that sets voluntary export controls on some military and civilian purposes.

The interim rule imposes regulations on the sale of hacking tools, which most other member nations had already done. “The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights... The Commerce Department’s interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America’s national security against malicious cyber actors while ensuring legitimate cybersecurity activities,” Secretary of Commerce Gina Raimondo said.

It is unclear how effective the controls will be in slowing countries such as Israel, China and Russia from amassing more hacking expertise. 

These countries already command extensive cyber power, security experts say, with China investing heavily in emerging technologies and Moscow providing safe harbor to criminal hacking gangs that target the US and other rival nations.  Israel is the location of several companies with expertise in surveillance and spyware techniques. A spokesman for the Chinese Embassy in Washington said China is a frequent target of cyber attacks and the export controls highlight US hacking capabilities.

While state-sponsored foreign hackers mainly target other government systems, there's no shortage of domestic and overseas hackers attempting to infiltrate businesses and personal accounts.

NextGov:   US Commerce Dept:    Reuters:    WSJ:    The Record:    Stratfor Worldview:   MSPP Alert:    Tech.co 

You Might Also Read: 

Heads Of State On NSO Spyware List:

 

« The Smart Cities Revolution
Internet Phone Providers Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Junglemap

Junglemap

Junglemap provide nanolearning training courses on ransomware, information security and GDPR.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

BA-CSIRT

BA-CSIRT

BA-CSIRT is a center which is dedicated to assist and raise awareness among citizens and the Government of the City of Buenos Aires in everything related to information security.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

Sitehop

Sitehop

Sitehop is a cybersecurity technology company developing and supplying FPGA hardware-enforced cyber security solutions for networks.

Kubus Hitam

Kubus Hitam

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Framework Security

Framework Security

With Framework Security, you get more than a consultancy; you get a partner dedicated to simplifying cybersecurity and protecting your business in the most efficient way possible.

Ignite Cyber

Ignite Cyber

IGNITE Cyber is focused on enabling secure technology adoption through intelligent business decisions. We are focused on providing a secure and stable business environment for everyone.

US Insider Risk Management Center of Excellence (US-InRM)

US Insider Risk Management Center of Excellence (US-InRM)

The US-InRM Center of Excellence is a nonprofit organization dedicated to promoting private, public, and academic partnerships to foster knowledge sharing and resources to mitigate insider risk.

CyberKinetics

CyberKinetics

CyberKinetics specializes in cloud-based services and solutions for federal agencies and commercial clients with compliance mandates.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.