Compliance Management, Incident Response, Government Regulations, TDR

Cyber products don’t belong on munitions list, State Dept. DTAG says

U.S. Department of State's Defense Trade Advisory Group (DTAG) met to discuss the classification of “cyber products” and recommended against adding new “cyber products” to the munitions list, according to a Department of State representative.

Several cyber products are currently included on the munitions list, such as equipment designed or modified to use cryptographic techniques to generate spreading code, burst techniques, and information security to suppress the compromising emanations of information-bearing signals.

And, the State Department may add additional cyber items to the munitions list.

State's Defense Trade Advisory Group is an advisory panel of private sector defense exporters and defense trade specialists. According to Politico, Rebecca Conover, a member of the Defense Trade Advisory Group and Intel's export compliance program manager, said, “We do think that it would be a negative impact to add more controls on cyber products.”

A State Department spokesperson told SCMagazine.com in an email correspondence, “We are currently reviewing these recommendations, and value the DTAG's role in helping the United States support U.S. exports and innovation in a manner that furthers our foreign policy and national security interests by protecting potentially sensitive technologies, in accordance with the Arms Export Control Act.”

If State follows STAG's recommendations, it may make it easier for technology companies to expand into in China, Russia, and Iran, among other locations. Enterprise companies have faced difficulties operating in these areas, but State only regulates cyber products that are specifically military or intelligence products. Exports such as dual use or commercial products are not covered under States jurisdiction.

The Electronic Frontier Foundation (EFF) penned a blog post celebrating DTAG's recommendation. EFF senior staff attorney Nate Cardozo and global policy analyst Eva Galperin wrote that countries should be held accountable for using malware to spy on political opponents, but added “export controls on ‘cyber products' aren't the solution”. The EFF staffers wrote, “In the export control wars, this is a rare victory for common sense.”

And Nathan Leamer, a policy analyst at the R Street, a Washington, D.C.-based think tank, agreed that cyber products should not be added to the control list. Leamer told SCMagazine.com that U.S. officials focus on government back doors “when every CTO in the country is opposed” to that approach – rather than fostering enterprise and communication.

Pentagon CIO Terry Halvorsen said recently the U.S. needs to improve its cyber warfare capabilities, stressing that the U.S. must find a way to thrive in an environment of accelerated change.

“We do not own the marketplace,” The Hill quoted Halvorsen as saying. “If you're buying a submarine, we kind of own the marketplace. If you buy an aircraft carrier, we kind of own the marketplace. If you're buying software, technology, we don't own it.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.