US Bans Selling Spyware

The US Commerce Department has announced that it will apply tighter controls on companies selling hacking tools to certain foreign governments, and US companies will soon need to obtain a license to sell certain kinds of software. The new rule specifically includes cyber security tools that could be used for hacking or surveillance.

The rule issued by the agency’s Bureau of Industry and Security (BIS) will require companies to obtain a license to sell hacking technology to certain countries deemed threats to US interests and will come into effect in January 2022.

BIS will establish “controls on the export, re-export or transfer (in-country) of certain items that can be used for malicious cyber activities.” The rule also creates a new License Exception Authorised Cybersecurity Exports (ACE) and requests public comments on the projected impact of the proposed controls on US industry and the cyber security community. 

The lengthy rule is complicated, but would require US firms to secure a license to export select cyber technologies to countries “of national security or weapons of mass destruction concern,” including Russia and China. 

The rule includes license requirements for companies that wish to sell cyber technologies to companies under US arms embargo, or users who could intentionally misuse products. “These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” the interim rule reads. The new rule has been under preparation for several years and the BIS received nearly 300 comments about the proposed rule, including concerns that changes might limit legitimate cyber research and incident response activities. 

According to BIS, the agency “conducted extensive outreach with the security industry, financial institutions, and government agencies that manage cybersecurity” before scrapping some of the rule’s original conditions, bringing the US government on par with 42 other nations that are members of the Wassenaar Arrangement, an international arrangement that sets voluntary export controls on some items with military and civilian purposes.

The interim rule imposes regulations on the sale of hacking tools, which most other member nations had already done. “The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights... The Commerce Department’s interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America’s national security against malicious cyber actors while ensuring legitimate cybersecurity activities,” Secretary of Commerce Gina Raimondo said.

It is unclear how effective the controls will be in slowing the rate at which countries such as Israel, China and Russia amass more hacking expertise.

These countries already command extensive cyber power, security experts say, with China investing heavily in emerging technologies and Moscow providing safe harbor to criminal hacking gangs that target the US and other rival nations. Israel is the location of several companies with expertise in surveillance and spyware techniques. A spokesman for the Chinese Embassy in Washington said China is a frequent target of cyber attacks and the export controls highlight US hacking capabilities.

While state-sponsored foreign hackers mainly target other government systems, there's no shortage of domestic and overseas hackers attempting to infiltrate businesses and personal accounts.

Sources: NextGov, US Commerce Dept, Reuters, WSJ, The Record, Stratfor Worldview, MSPP Alert, Tech.co
