The U.S. Department of Commerce said it will tighten sales of hacking and surveillance software or tools to countries posing a national security threat.
The Bureau of Industry and Security published an interim rule to bring “controls on the export, re-export or transfer (in-country) of certain items that can be used for malicious cyber activities.”
The department said authoritarian regimes could use such tools to abuse human rights. This means American companies will need to obtain a license if they want to export such components to certain nations. Particularly, countries possessing “weapons of mass destruction” or the ones deemed a national security threat. This applies to countries like China and Russia.
It’s worth noting that the U.S. government has been working on this rule for some years now. However, it faced some pushback over concerns of hindering legitimate cybersecurity collaborations.
The department added that it conducted research and outreach with “the security industry, financial institutions, and government agencies that manage cybersecurity.” The new rule will go into effect in the next 90 days, the department said.
This comes in the wake of the controversial Pegasus malware drawing global criticism
“The Commerce Department’s interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America’s national security against malicious cyber actors while ensuring legitimate cybersecurity activities,” Secretary of Commerce Gina Raimondo said in an official statement.
Silicon Angle notes that the U.S. government wants to avoid a situation like the one involving Pegasus malware. This came from Israel-based NSO Group Technologies Ltd. Several governments and agencies have access to this malware. There are multiple instances of this malware falling into the wrong hands. Moreover, some governments have used Pegasus malware to spy on politicians, lawyers, and journalists among others.
Last week, the U.S. held a two-day virtual ransomware summit with 30 countries. Representatives from each country discussed measures to tackle the menace of ransomware. However, countries like Russia and China weren’t present at the summit. But the officials didn’t rule out future participation.
In September this year, the Treasury Department put sanctions on a cryptocurrency exchange run by Russian nationals. This exchange was reportedly responsible for laundering $160 million in illegal funds to ransomware groups. However, there’s still some hope for a broader coalition covering more countries.