Tag: Export | SpinSafe

BIS issues significant new export controls on certain cybersecurity items and related guidance

December 3, 2021/in Computer Security

On October 21, 2021, the Bureau of Industry and Security (BIS) published an interim final rule (IFR) to implement significant new controls regarding certain cybersecurity items. The rule contains new and updated Export Control Classification Numbers (ECCNs) and new License Exception Authorized Cybersecurity Exports (ACE). On November 12, 2021, BIS issued Frequently Asked Questions (FAQs) to provide guidance on the IFR and License Exception ACE.

On October 21, 2021, the Bureau of Industry Security (BIS) published an Interim Final Rule (IFR) to implement controls on certain “cybersecurity items” that can be used for malicious cyber activities. Most notably, the IFR defines “cybersecurity items” to include the new and updated Export Control Classification Numbers (ECCNs) and creates a new License Exception Authorized Cybersecurity Exports (ACE). This IFR follows BIS’s original proposal to implement the addition of cybersecurity items to the Wassenaar Arrangement (WA) in 2015. However, the 2015 proposed rule received substantial industry scrutiny, including concerns that the rule was overly broad, would impose a heavy burden on licensing for legitimate transactions, and could cripple legitimate cybersecurity research. In response to those and other concerns, BIS suspended implementation of the 2015 proposed rule and, instead, renegotiated changes to the WA control lists in 2017, intending to define more precisely the scope of the cybersecurity controls. BIS released the October 2021 IFR to implement the 2017 WA decisions. Public comments on the IFR are due December 6, 2021, and the IFR is set to go into effect on January 19, 2022.

On November 12, 2021, BIS issued Frequently Asked Questions (FAQs) that provide guidance on this IFR.

New Export Control Classification Numbers

“Cybersecurity items” are defined to include the new and updated ECCNs referenced below and certain related ECCNs in Categories 4 and 5.

Category 4 includes two new ECCNs related to “intrusion software”:

4A005 “Systems,” “equipment,” and “components” therefor, “specially designed” or modified for the generation, command and control, or delivery of “intrusion software.”
4D004…

Source…

Reactions to the US sanctions against Russia. Sweden and the GRU. Export controls on personal data. Power grid security.

April 19, 2021/in Computer Security

At a glance.

Reaction to the US sanctions against Russia.
Sweden thinks the GRU did it, but that there’s no point in prosecuting individuals.
Export controls on US personal data?
Emerging US policy for enhancing power grid security.

The carrot as the stick: more reactions on the US response to Russian hacking.

The Biden Administration’s much-anticipated response to Holiday Bear’s tear was coupled with an invitation to improve bilateral relations, as SecurityWeek observes. President Biden gave President Putin a heads up about the measures and pitched a summer summit, according to NBC, claiming this “is the time to de-escalate” and expressing the desire to dodge a “downward spiral.” Secretary of State Blinken clarified that Washington seeks “opportunities for cooperation, with the goal of building a more stable and predictable relationship.” Breaking Defense recounts Stanford researcher Herbert Lin’s doubts that the sanctions will steer Moscow towards better behavior, as the Kremlin promises an “inescapable” riposte.

Atlantic Council notes that the response “leave[s] room for escalation,” for example against Kremlin “cronies,” though the measures have already had significant economic impact. (Foreign Policy mentions that some anticipated stronger action, finding the fiscal policy “timid,” since the more important secondary market for Russian debt was left alone.) Council contributors characterized the move as “big politics,” in contrast to available incremental alternatives, explaining that the approach takes on “Putinism” writ large. They worried, however, that the message delivered was not one of resetting relations, and the simultaneous Black Sea and Nord Stream 2 backtracking, which the Moscow Times and Politico detail, send mixed signals about the US’ resolve.

In the Administration’s view (via NBC), the reaction was “resolute but proportionate” and preserved the opportunity for mutually beneficial partnership. On Moscow’s view, per Foreign Policy, President Biden is “trying to destroy relations between the two countries.” Others—without holding out hope for a productive reply from Russia— see in the approach a direct…

Source…

Huawei in hot water with the Feds for possible export violations of US tech to Iran, North Korea – Android Authority (blog)

June 6, 2016/in Computer Security

Android Authority (blog)

Huawei in hot water with the Feds for possible export violations of US tech to Iran, North Korea
Android Authority (blog)
We are flooded by Syrian refugees because the US decide to flame a war in the country. Shouldn't US … For God's sake, it was proven that the US spies on the European institutions and governments and the company that I worked for at the time when this …

and more »

flame malware – read more

But surely “export grade” means HIGHER quality? 60 Sec Security [VIDEO]

March 9, 2015/in Internet Security

The latest episode of our weekly security news video… …all in just 60 seconds, as usual.
Naked Security – Sophos

Tag Archive for: Export

At a glance.

The carrot as the stick: more reactions on the US response to Russian hacking.