Home Governance U.S. Govt to Control Export of Cybersecurity Items to Regions with Despotic...

U.S. Govt to Control Export of Cybersecurity Items to Regions with Despotic Practices

The U.S. Commerce Department’s Bureau of Industry and Security announces ban on export of cybersecurity tools and solutions that are used for espionage and surveillance

CISA VDP platform, U.S. export ban on cybersecurity items

The Commerce Department’s Bureau of Industry and Security (BIS) in the U.S. announced new policies to control the export of cybersecurity items to regions with despotic practices. Russia and China are the more popular names that are associated with such authoritarian practices.

The Biden government since its time in office, has been taking a stern stand towards the issue of cybersecurity and sanctioned a host of cybersecurity plans.

State-sponsored cyberattacks and espionage have been cresting and need to be contained. Per the announcement by BIS, the control would ban the U.S. companies from exporting and reselling software and hardware tools that are proliferating and nourishing the autocratic practices that use malicious hacking activities and human rights abuse.

Per the Commerce Department’s statement, “This rule establishes a new control on these items for National Security (NS) and Anti-terrorism (AT) reasons, along with a new License Exception Authorized Cybersecurity Exports (ACE) that authorizes exports of these items to most destinations except in the circumstances described.

The rule will become effective in 90 days and will effectively ban the export of “cybersecurity items” for National Security (NS) and Anti-terrorism (AT) reasons.”

It continues to state that these items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny, or degrade the network or devices on it.

This proposed ban also aligns the U.S. with the 42 European and other allies that are members of the Wassenaar Arrangement, which sets voluntary export control policies on military and dual-use technologies — or products that can be used for both civilian and military purposes.

The Wassenaar Arrangement (WA)

The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a multilateral export control regime (MECR) with 42 participating states including many former Comecon (Warsaw Pact) countries established in 1996.

The Wassenaar Arrangement has been established to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations. The aim is also to prevent the acquisition of these items by terrorists.

Participating States seek, through their national policies, to ensure that transfers of these items do not contribute to the development or enhancement of military capabilities which undermine these goals and are not diverted to support such capabilities.

In Perspective

The Pegasus spyware was one such incident, which highlighted the problem of surveillance in the name of national security. The spyware was extensively being used for snooping on activists, journalists, and politicians. The NSO Group Technologies, that created Pegasus spyware vehemently denied any involvement. It said it just creates the tool and sells it to governments and intelligence or security agencies, which use it for anti-terrorism surveillance and national security.

This proposed control will ban the misuse of these cybersecurity tools and help contain the widespread abuse at the hands of countries with malicious intentions.

Governments around the world are waking up to the need to collectively address the issue of cybersecurity and take joint action to curb cyberattacks. The White House National Security Council facilitated an initiative where 31 countries came together to deliberate the efforts to improve national resilience, addressing the misuse of virtual currency, laundering ransom payments, disrupting the ransomware ecosystem, and prosecuting the cybercriminals.

Concerted efforts like these must be pursued to address the global cybersecurity issue; countries must unite to disrupt the safe heavens which are sheltering the threat vectors if they do not want to see disruption in their critical services.