Wassenaar Arrangement – Wording is Everything

By John Atienza on March 4, 2016

Sources:

https://threatpost.com/white-house-wants-to-renegotiate-u-s-implementation-of-wassenaar/116531/
http://www.theverge.com/2015/7/20/9005351/google-wassenaar-arrangement-proposal-comments
http://thehill.com/regulation/cybersecurity/248579-cyber-industry-assails-anti-hacking-regulations

The Wassennaar Arrangement is a deal meant to control the exportation of conventional firearms, dual-use goods, and dual-use technologies.
The cybersecurity problem that this creates is the fact that the wording of a particular section of the arrangement is too broad. There’s a section in the deal that refers to cybersecurity tools as intrusion technologies. Unfortunately this term covers a broad spectrum of tools that cybersecurity professionals use to research vulnerabilities/attacks, perform penetration tests, and make security assessments. Many of these “intrusion technologies” actually play a role in governance and compliance with respect to PCI-DSS, HIPAA, SOX; etc… The troubling thing is that this arrangement may not have enough time to go through another rewrite and place this draft through another comment period before the Wassenaar meeting in December.

Global Weekly Executive Summary, 20 March 2018
Global Weekly Executive Summary, 20 March 2018
3/20/2018
The New Vulnerabilities Equities Policy and Process Charter
The New Vulnerabilities Equities Policy and Process Charter
11/16/2017
US Cyber Command Elevation
US Cyber Command Elevation
9/26/2017