Oct 21, 2021 19:00:00

The United States regulates the export of hacking tools to foreign countries, and also prevents the spread of the spy software 'Pegasus' that raged

On October 20, 2021, the

Bureau of Industry and Security (BIS) of the United States Department of Commerce announced that it would introduce new export control regulations aimed at curbing the export and re-export of hacking tools to certain countries. Authorities are soliciting comments on the introduction of this rule, which has been on hold for years due to concerns that it would hinder cybersecurity improvements in the country.

Information Security Controls: Cybersecurity Items
(PDF file) https://public-inspection.federalregister.gov/2021-22774.pdf

Commerce Tightens Export Controls on Items Used in Surveillance of Private Citizens and other Malicious Cyber Activities | US Department of Commerce
https://www.commerce.gov/news/press-releases/2021/10/commerce-tightens-export-controls-items-used-surveillance-private

Commerce Department announces new rule aimed at stemming sale of hacking tools to Russia and China --The Washington Post
https://www.washingtonpost.com/national-security/commerce-department-announces-new-rule-aimed-at-stemming-sale-of-hacking-tools-to-repressive-governments/2021/10/20/ ecb56428-311b-11ec-93e2-dba2c2c11851_story.html

The rules announced by the Department of Commerce regulate the export, re-export, or domestic transfer of certain items that may be used in malicious cyber activities. This requires a license to export the item to a country that has been embargoed by the United States or is suspected of possessing national security concerns or weapons of mass destruction.

The Washington Post, an overseas newspaper, gave an example of obtaining a license. This is not the case if it is used for security purposes and sold to non-government officials, and if it is exported to China or Russia, a license is required in all cases. '

The rule also includes the

software Pegasus, allegedly developed by Israeli security companies to spy on foreign journalists and government officials. With regard to Pegasus, journalists and security companies have protested the developers of Pegasus and called on the government to crack down on the damage caused to journalists around the world.

The Washington Post reported that a senior Commerce ministry official said, 'The regulation allows American researchers to work with foreign researchers to discover software flaws, and security companies to respond to cases such as hacking. It does not prevent you from doing it. ' The rule has been put on hold for years due to concerns that it might interfere with work in the cyber field in the country, but authorities said that it would 'guarantee legitimate cybersecurity activities while guaranteeing legitimate cybersecurity activities. It's a well-tuned approach to protecting the United States from malicious cyberattackers. ' The authorities have set a deadline of 45 days from October 20th to solicit opinions on this rule, but it is said that it will come into effect 90 days later.