Commerce wants to restrict export of unknown security flaws

The Commerce Department wants to tighten export rules on computer security products in an attempt to limit foreign rivals’ access to unknown security flaws.

The proposal has drawn criticism from security researchers who argue it’s too broad and could inhibit the export of legitimate security products used to harden networks against hackers.

If enacted, the rules “could even damage cybersecurity,” tweeted Thomas Rid, a security expert and professor at King’s College in London.

The Commerce Department is attempting to curb the expansive underground online black market for cyber arms, which operates mostly out of Eastern Europe.

A popular form of cyber sabotage available on dark Web forums is the “zero-day exploit,” a security weakness that software vendors haven’t yet discovered.

Defense contractors and security researchers regularly sell these exploits to government agencies and software manufacturers.

The practice helps harden public and private networks. But in the hands of the wrong person, a zero-day exploit opens the door for cyber crime, digital assaults and foreign government surveillance.

The alteration would be an update to a 2013 agreement among 41 nations to regulate certain types of software similar to how nuclear and chemical weapons components are regulated.

But worries remain about the update’s effect on the security industry.

“It could have major impacts against how we do vulnerability research and protecting our systems,” Lillian Ablon, a Rand Corp. expert who has studied the zero-day markets, told Reuters. “If we are restricting the ability of the white hats to fund the vulnerabilities, it’s only making it easier for the bad guys.”
