New U.S. Rule Would Limit Sales of Hacking Tools to Russia and China

Good morning. New export controls on U.S.-made hacking tools take aim at a slice of the cybersecurity industry that operates in gray areas.

The pending regulations will force companies to obtain licenses to sell hacking tools in countries such as China and Russia. But the rules include carve-outs for some firms, including those with select private-sector customers or certain clients who use such software or equipment to hone their own cybersecurity.

The Commerce Department program could push U.S. officials to address the sometimes hazy boundaries between defensive and offensive cyber activity. Some lawmakers are open to the idea of crossing that increasingly blurry line, giving corporate security chiefs legal cover to hack back.

(Continued below.)

Record-breaking Number of DDoS attacks in 2021

Cybercriminals are discovering ever-more-ingenious ways to part organizations from their money. Explore our latest report on the constantly changing threat landscape to stay ahead of your adversaries.

Read more

The Commerce Department’s near-final rule will require companies to obtain a license to sell hacking technology to certain countries deemed threats to U.S. interests. It will take effect in 90 days.

Commerce Secretary

Gina Raimondo

said the export controls aim to balance national security with the expansion of a cybersecurity industry that creates tools to defend computer networks and has grown at a breakneck pace as the global economy becomes increasingly digitized.

“The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights,” Ms. Raimondo said in a statement.

Read the full story.

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8