The US Commerce Department has related to the export and resale of cyber intrusion software. Once the limits come into effect in 90 days, companies that want to sell their hacking tools to countries “of national security or weapons of mass destruction concern” will need to obtain a license from the department’s Bureau of Industry and Security (BIS). The policy also covers nations that are under a US arms embargo.
Per , the rule is complicated. There are already many limitations on the export of intrusion software. Similarly, there are opportunities for companies to obtain exceptions. The main point is that the policy would cover the sale of software to countries like China and Russia. It would also limit the sale of programs like NSO’s Pegasus spyware, which some governments have used to .
“The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that US companies are not fueling authoritarian practices,” the Commerce Department said.
Among the 42 countries involved in the , a pact that sets voluntary export controls on military and dual-use technologies, the US is one of the last to impose limits on the sale of hacking software. Part of the reason for that is that the country has spent years working on the rules to ensure they don’t prevent cybersecurity researchers across the globe from working together to discover new flaws.