Archive for the ‘Cyber Weapons’ Category


Dec

4

U.S. and Allies Mull Export Licenses for Network Equipment and Software


Posted by at 6:55 pm on December 4, 2013
Category: BISCyber WeaponsWassenaar

Photo: Harland Quarrington/MOD [see page for license], via Wikimedia Commons http://commons.wikimedia.org/wiki/File%3ACyber_Security_at_the_Ministry_of_Defence_MOD_45153616.jpgWe can only assume that exporters have been very bad this year because they may find a big lump of coal left in their export reform stocking by jolly old St. Nick or, perhaps more accurately, Good King Wassenaar (to continue torturing this extended metaphor.) The jolly old elves who negotiate the Wassenaar Agreement are meeting in Vienna this week, and according to this Financial Times article, they are likely to impose new controls on cybersecurity hardware and software. When the U.S. implements these changes, it means that some network equipment and software that did not previously require licenses will now require them.

The details of the changes are still not fully known. Obviously, many things could be classified as “cybersecurity” software and/or hardware, so the scope of these controls could be significant. The Financial Times article singles out deep packet inspection as one area of cybersecurity likely to be subject to export controls:

Particularly sensitive areas include so-called “deep package inspection” technologies which allow users to screen data for hidden viruses, malware or surveillance programmes. Western intelligence agencies are particularly concerned about such technologies falling into enemy hands, because they could enable them to foil cyber attacks or gain an intimate understanding of Western screening systems and their fallibilities.

Deep packet inspection is commonly used to refer to network software and hardware that looks beyond the headers of IP packet transiting a network to examine the data payload in the packet. DPI technologies vary in the degree to which the data payload is inspected, particularly given constraints on inline processing as the data streams through the network. Some DPI may look for patterns or signatures indicating viruses or attacks (to block the packet), the type of traffic , e.g., (P2P vs VOIP ( to prioritize the traffic), or even the actual content of unencrypted traffic for censorship or law enforcement purposes. Given that there are varieties of “deep” in Deep Packet Inspection and varieties of purposes to which DPI could be put, a one-size-fits-all license requirement for DPI would certainly seem to be overkill.

But the biggest nightmare will be how these license requirements will seep into the deemed export rules. Any company that employs network engineers (in other words, any company but the Asian Lithuanian Taco and Waffle Truck on the corner) will encounter real difficulties in hiring and managing foreign employees working on their networks. Let’s just hope that these negotiations at Wassenaar fizzle (but I’m not holding my breath).

Permalink Comments (1)

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Jul

2

Just What We Need: More Export Controls


Posted by at 6:42 pm on July 2, 2013
Category: Arms ExportCyber WeaponsExport Control Proposals

Hacking in Progress, image by Cristiano Betta (Flickr: Barcamp London 3 @ Google Offices UK) [CC-BY-2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons http://commons.wikimedia.org/wiki/File%3AHacking_in_progress_at_BarCampLondon_3.jpgThe Senate Armed Services Committee has favorably reported S. 1197, the National Defense Authorization Act for Fiscal Year 2014. And, you will be pleased to know (or maybe not), they have slipped into the bill a proposal for new export controls, this time on software that could be characterized as “cyber weapons.”

What got the immensely tech savvy aging Senators all whirled up on cyber weapons was, apparently, testimony they received in hearings on the bill about the Shamoon virus. Shamoon, in addition to being an excellent name for a dog, is also the name of a computer virus that struck Aramco in Saudi Arabia and rewrote or destroyed data on hard drives. No doubt the Senators were particularly vexed that one of the payloads carried by Shamoon was a picture of a burning U.S. flag which was used to overwrite some of the data.

So now section 946 of the proposed Defense Authorization Act requires the President to convene an “interagency process … to control the proliferation of cyber weapons through unilateral and cooperative export controls.” The Senate Report on the proposed legislation acknowledged that there might be some difficulty distinguishing between “cyber weapons” (bad) and “dual-use, lawful intercept, and penetration testing” technologies” (good). But, hey, that’s what an interagency process is for!

Now, the million dollar question, of course, is whether new export controls on cyber weapons would have had any impact on Shamoon. The answer, not surprisingly, is probably not. Kapersky Labs, which dissected the virus, concluded that the virus was riddled with a number of “silly errors” which limited its effectiveness and likely was the work not of sophisticated cyber criminals but was a “quick and dirty” job by “skillful amateurs.” Significantly, it was not something that the hackers acquired in the United States (or anywhere else) and exported but home-grown, error-ridden code. The only people who are going to be bothered by section 946 and its proposed export controls will be legitimate manufacturers of network intercept, analysis and testing software.

Permalink Comments Off on Just What We Need: More Export Controls

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)