US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes

The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes.

The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes. 

The rule announced by the BIS tightens export controls on technology that could be used by adversaries to conduct malicious cyber activities and surveillance of private citizens resulting in human rights abuse.

The rull will become effective in 90 days and will ban the export of “cybersecurity items” for National Security (NS) and Anti-terrorism (AT) reasons.

“Specifically, this rule establishes a new control on these items for National Security (NS) and Anti-terrorism (AT) reasons, along with a new License Exception Authorized Cybersecurity Exports (ACE) that authorizes exports of these items to most destinations except in the circumstances described. These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.” reads the announcement published by the Bureau of Industry and Security, Commerce.

The new License Exception Authorized Cybersecurity Exports would allow the export, reexport and transfer (in-country) of ‘cybersecurity items’ to most destinations, while retaining a license requirement for exports to countries of national security or weapons of mass destruction concern.  The license will be required for those countries subject to a U.S. arms embargo.

The complete list includes states of weapons of mass destruction or national security concern or subject to a U.S. arms embargo.

The rule is consistent with the result of BIS’s negotiations in the Wassenaar Arrangement (W.A.) multilateral export control regime and results from a review of comments from Congress, the private sector, academia, civil society, and other stakeholders.

U.S. Secretary of Commerce Gina M. Raimondo explained that the new rule aims at preventing the use of this technology by threat actors that could hit US computer networks threaten U.S. national security.

“The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights. The Commerce Department’s interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America’s national security against malicious cyber actors while ensuring legitimate cybersecurity activities.” said U.S. Secretary of Commerce Raimondo.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Bureau of Industry and Security)

[adrotate banner=”5″]

[adrotate banner=”13″]