The Commerce Department’s Bureau of Industry and Security (BIS) announced [PDF] new rules for hacking tools. U.S. companies can’t export or resell these software or hardware tools to countries with authoritarian governments.
The rule will become effective in 90 days. It also creates a License Exception Authorized Cybersecurity Exports (ACE) to “problematic” countries like China and Russia without a license.
These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.
The rule is designed to block threat actors who may use these tools against U.S. entities and threaten U.S. national security.