Intrusion Software and the Wassenaar Arrangementby Representative James R. Langevin
Posted on 2016-01-11
LANGEVIN asked and was given permission to address the House for
1 minute and to revise and extend his remarks.)
Mr. LANGEVIN. Mr. Speaker, securing our networks from cyber attack is
a challenging task. One of the most effective techniques is penetration
testing, or turning hacking tools on one's own network to find
weaknesses before bad actors have a chance to exploit them.
Unfortunately, a rule proposed by the Bureau of Industry and Security within the Department of Commerce last May has the potential to make it much harder to share existing tools and develop new ones, which could severely harm our national security and our economic competitiveness.
The rule was issued as part of the addition of ``intrusion software'' to the Wassenaar Arrangement, one of the principal international export control regimes. Perhaps unsurprisingly, using a 20-year-old framework--itself the successor of a three-quarter-century-old cold war agreement--to regulate cutting-edge technology has proved difficult. However, I am very thankful for the Bureau's willingness to reexamine the initial proposal, and I am looking forward to tomorrow's Homeland Security hearing as an important step in the process to produce a final rule that allows defenders to test their networks before they are attacked. This is a bipartisan hearing tomorrow, and I look forward to tomorrow's hearing.