
Firms oppose U.S. proposals to increase export controls against software exploits


July 15, 2015


Some large foreign firms are uniting in an effort to oppose U.S. government proposals to increase various export controls against software exploits, a decision some critics argue threatens to imperil mainstream security research and information sharing in international business and industry.

The proposed new ruling, based on the Wassenaar Arrangement of 1996 and not originally intended to include cybersecurity, aims to stop companies selling so-called intrusion applications, software that allows potential hackers to break into most networks.

The Coalition for Responsible Cybersecurity (CRC), including the likes of Symantec and FireEye, argues that the vagueness of the language covered by the various proposals would snag legitimate research and technology, ultimately making it impossible for companies to stay ahead of hackers.

If adopted, the draft proposals would harm U.S. cybersecurity firms' ability to compete effectively in the global market, the coalition warns.

The network surveillance controls included in the proposed new rules could seriously hinder the effective development of perimeter security technologies.

Inclusion of various features and functionality, such as network monitoring and pre-programmed actions, including IP blocking, may require a licence if sold outside the U.S. and Canada.

Many countries with advanced cybersecurity industries, from Israel, Brazil, and Singapore to Russia and China, are not currently subject to these restrictions.

Cybersecurity research will be curtailed, since the proposed new rules would prevent researchers from testing networks and sharing some important technical information about new security vulnerabilities across borders.

The Coalition plans to lobby the U.S. government about the risks created by the proposed regulation. The basic argument is that rules intended to control weapons' exploits would be misapplied to the large arena of software exploits and security vulnerability research.

Ron Bushar, global director for security program services at Mandiant, a FireEye subsidiary, explains: "The proposed new rules treat these tools as though they were weapons, but in fact they are absolutely essential for every company and government that has been targeted by attackers. Every time cybersecurity professionals are asked to do defensive testing for a business, even a U.S. business with operations in Europe or South America, they would need a license."

"The process involved in acquiring these unnecessary government licenses would delay cybersecurity protections for several months, ensuring that U.S. cybersecurity defenses will always lag far behind the hackers," he added.

Overall, cybersecurity information sharing, a long-time priority for the Obama administration, would also suffer, according to the security firms.

“About 71.3 percent of our cybersecurity researchers are from outside the United States but we will be barred from using their expertise,” said Jay Kaplan, chief executive officer of Synack and a former NSA analyst.

“This proposed regulation could require our researchers in the U.S. to get a government license just to have more than a superficial conversation about new security vulnerabilities, and that is unacceptable,” he said.

Simply stated, the proposed changes are ostensibly geared towards preventing repressive regimes around the world from buying sophisticated software that can be used to spy on political opponents and others.

Worse, the export control rules will do nothing to stop the spread of malware or curtail illicit hacking and security intrusions in any way, according to various firms who have signed up to the coalition.

As a matter of fact, the regulations would greatly reduce research and the development of effective tools to combat attackers.

Synack’s Kaplan added: “The only thing the new rules will do is prevent U.S. companies with an international business from having good cybersecurity and stop U.S. cybersecurity companies from competing effectively. We will be more at risk and less competitive as a nation if the Commerce Department limits U.S. cybersecurity activities.”

The implementation of these new rules as they stand would "significantly weaken the technology, processes, and tools the internet security industry uses to maintain state-of-the-art defenses against intrusions, and all other hacking activities," it added.

The rules would place the United States and the rest of the world at much greater risk from hackers, exactly the opposite of what it seeks to accomplish, according to industry critics.

Adam Ghetti, CTO of Ionic Security, another member of the coalition, concluded: “These proposed new rules are unacceptably restrictive and ambiguous, and apply to an industry that has not been targeted in this manner by export controls before. We would therefore strongly encourage the Department to reconsider in light of the negative consequences, however unintended, that would result from the implementation of its current proposal.”

The Coalition, whose goal is to prevent the Commerce Department from adopting proposed export control regulations, plans to file detailed comments with the U.S. Commerce Department.

Source: The Coalition for Responsible Cybersecurity (CRC).
