US, Allies to Tighten Export Controls on Cyber Tools

Initiative Draws European Support, Follows NSO Group Spyware Developments
The Biden administration announced an initiative to curb the spread of offensive cyber tools. (Source: Wiki/CC)

The Biden administration has announced that the U.S. and several allies have aligned to create stricter criteria around the export of certain offensive cyber tools, particularly those that end up in the hands of authoritarian regimes.

The Export Controls and Human Rights Initiative - announced as part of President Joe Biden's inaugural, two-day Summit for Democracy with leaders from 110 countries - comes on the heels of a discovery earlier this month that the flagship spyware of sanctioned Israeli firm NSO Group was detected on at least nine Apple iPhones belonging to U.S. State Department officials. The latter were located in Uganda or were working on Ugandan issues (see: Report: NSO Group Spyware Found on State Department Phones).

In November, the U.S. Department of Commerce blacklisted NSO Group and fellow Israeli spyware provider Candiru after they allegedly supplied their software to foreign governments that in turn "maliciously targeted" government officials, journalists, businesspeople, activists and academics. The Commerce Department's Bureau of Industry and Security, which issued the final rule, said the companies "threatened the privacy and security of individuals and organizations worldwide." Those on the Entity List cannot purchase U.S. technologies or goods without a special license.

'Serious Human Rights Abuses'

The new initiative, issued jointly with the governments of Australia, Denmark and Norway, recognizes that "authoritarian governments increasingly are using surveillance tools and other related technologies in connection with serious human rights abuses, both within their countries and across international borders, including in acts of transnational repression to censor political opposition and track dissidents." Officials say such risks defeat the benefits of the advanced technologies.

Participating nations say that now, in consultation with industry and academia, they will establish a voluntary, nonbinding written code of conduct to use export controls to prevent the proliferation of software used to enable human rights abuses.

Canada, France, the Netherlands and the U.K. have expressed support for the initiative, according to the White House statement.

"[Cybercrime] comes in multiple forms and arguably the most concerning of which is when it is used to undermine human rights," says Lisa Plaggemier, interim executive director of the National Cybersecurity Alliance. "[This initiative has] a very real impact on shifting the narrative around cybercrime and shining a new light on how nation-states are using cybercrime - sometimes towards their own people."

Building Policy Alignment

In a fact sheet on the initiative, U.S. officials continue: "Too often, cyber intrusion, surveillance, and other dual-use technologies are misused to stifle dissent; harass human rights defenders; intimidate minority communities; discourage whistle-blowers; chill free expression; target political opponents, journalists, and lawyers; or interfere arbitrarily or unlawfully with privacy."

In addition to the voluntary code of conduct, officials say the initiative will:

  • Help build policy alignment with like-minded partners;
  • Help unify policymakers, technical experts, and export control and human rights practitioners;
  • Work to strengthen domestic legal frameworks, share threat information, implement best practices and assist others with building capacity.

'Significant Impact'

Cybersecurity experts say this effort could be effective in reducing the offensive cyber-tool market.

"It's easy to write this off as just optics, however, it really is more than that," says Jake Williams, a former member of the National Security Agency's elite hacking team. "When many countries, especially major players, come together to discuss norms for allowing offensive cyber tool exports, that has a … significant impact."

Williams, who serves as co-founder and CTO at the security firm BreachQuest, also says, "While I don't believe this will limit the use of spyware by authoritarian regimes, it targets the problem at the source. As the supply of offensive tools becomes more limited, it will be harder for authoritarian regimes to obtain government-grade spyware tools in the first place."

And NCA's Plaggemier says, "This agreement provides additional evidence that the Biden administration is serious when it comes to saying it promises to forge more international partnerships and collaboration in the cybersecurity world."

Others believe the impact may be minimal.

"The likelihood of these new restrictions making a tangible difference on how this sector operates is low," says Ross Rustici, a former technical lead for the U.S. Department of Defense and currently the managing director of the advisory firm StoneTurn. "The upside to the market is large, and consequences to selling these tools to date have been negligible for those who operate in this space."

NSO Group Allegations

Last week, Amnesty International's Security Lab reported that at least four activists "who are critical of their government" in Kazakhstan were infected with NSO Group's spyware, according to Israeli newspaper Haaretz.

Three of the four officials reportedly received a warning from Apple in November that their iPhones had been tampered with by a "state-sponsored attacker," according to the same report. The spyware can allow clients to obtain remote access on target phones, though the firm maintains that it's designed for legitimate use among law enforcement and intelligence agencies.

On the Kazakhstan developments, an NSO spokesperson told the Israeli newspaper that it "cannot refer to an alleged report we have not seen."

During the summer, an international consortium of journalists investigated a leak of approximately 50,000 potential targets, including high-ranking officials, for possible surveillance by those leveraging Pegasus, the NSO spyware. It's unclear, however, if any campaigns were mounted against them.

The Israeli Ministry of Defense has reportedly reduced the number of nations to which its companies can export spyware from 102 to 37 - a move that reportedly eliminates previous client countries (see: Report: NSO Group Spyware Found on State Department Phones).


About the Author

Dan Gunderman

News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covers governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.



