Security Professionals Will Lose Their Collective Minds
The propositions made in the Wassenaar Pact are scary at best. As a Security professional, this would negatively impact the ability to deploy, administer, report, defend, monitor satellite locations. I know attackers the world over read this and felt a surge of joy. This will essentially stop much research, and truly put Whitehats far behind their counter parts!!!!
Excerpt from the proposal: BIS proposes to remove cybersecurity software from the mass market provision of License Exception TSU eligibility by adding a new paragraph (d)(2)(ii). This is consistent with the existing encryption exclusion.
The changes are vague, but also completely ineffective and contradictory to the stated intent. Talk about a self-defeating. I realize that I am, "Johnny come late", when it comes to this, however the threat of inadequacy is still there and the InfoSec community needs to be aware of this. Please review be aware of the following:
- Scope of ChangesECCN 5A001.J - Internet Protocol Network Communications Surveillance Systems 740.13 - License Exception TSU
- CyberSecurity Items That are designed or Modified to Use Cryptography or Cryptanalysis (Obviously, don't try to protect your data)
- 772.1 Definitions of Terms as Used in the EAR: Addition of Definition for “Intrusion Software”
By Joe Piggee
References:
- https://www.federalregister.gov/articles/2015/05/20/2015-11642/wassenaar-arrangement-2013-plenary-agreements-implementation-intrusion-and-surveillance-items
- http://www.wassenaar.org/
- http://www.gpo.gov/fdsys/granule/FR-2015-05-20/2015-11642=
- http://www.wassenaar.org/publicdocuments/2013/WA%20Plenary%20Public%20Statement%202013.pdf