What just happened? The United States Department of Commerce has announced that it will ban the sale or export of hardware and software that can be used for malicious cyber activities to authoritarian regimes, including China and Russia.
The Commerce Department writes that the export of cybersecurity items to countries of national security or weapons of mass destruction concern will require a license from the department’s Bureau of Industry and Security (BIS). Countries subject to a US arms embargo and those deemed by the US to have a history of human rights abuses are subject to the same ban.
The rule, set to go into effect 90 days from yesterday (October 20), is being put in place for national security and anti-terrorism reasons. It aims to prevent foreign agents from using US-built tools to hack American businesses, organizations, and government entities.
“The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that US companies are not fueling authoritarian practices,” writes the BIS.
China and Russia are the two biggest nations that will be impacted by the new rule. Russian hackers, of course, have been attacking US interests for years, often at the behest of their country’s government—according to US security agencies. One of the most notable Russian hacks on a US business in recent times was against Cybersecurity giant FireEye, a $3.5 billion company that has contracts with governments and corporations around the world.
TechCrunch notes that the new rule doesn’t cover software designed for cyber defense purposes as it won’t prevent cybersecurity researchers based in the US from collaborating with colleagues overseas or disclosing flaws to software makers.