By Reynaldo Almonte

WASHINGTON, D.C. – Congressman Jim Langevin (D-RI), a senior member of the House
Armed Services Committee, was honored today with the Distinguished Public Service
Award, the U.S. Navy’s highest honor bestowed upon a civilian not employed by the
Department. The award was presented by Admiral Craig Faller on behalf of Secretary
of the Navy Ray Mabus.

“I am humbled by this incredible honor, and grateful to have had the opportunity to
support, in some small way, the important work of Secretary Mabus and all the brave
men and women who serve our country in the United States Navy and across all
branches of the military,” said Langevin. “I continuously strive to be a strong and
supportive partner to our veterans and to those who serve with distinction, and I
will continue to be a fierce advocate for policies that empower and protect these
dedicated service members. Thank you, Secretary Mabus and Admiral Faller, for this
exciting recognition, and for everything you do for our great nation.”

In the citation, Mabus recognizes Langevin, “for exceptional service to the
Department of the Navy as a member of Congress and the House Armed Services
Committee. Representative Langevin’s dedicated service to our Sailors and Marines
ensured they were provided the resources necessary to support and defend the
Nation’s interests around the globe. His strong leadership as ranking member of the
Subcommittee on Emerging Threats and a member of the Subcommittee on Seapower
ensured that the Navy-Marine Corps team was the most capable force in history.
Through his tireless efforts, he directly impacted the quality of life for the men
and women of the Department of the Navy and guaranteed the highest levels of
sustainability for our combat forces.”

By: Rebecca Turco

PROVIDENCE, R.I. – The U.S. House GOP quickly backpedaled on a controversial decision to gut an ethics watchdog that oversees Congress.

The representatives changed course Tuesday afternoon, after voting Monday night to restructure the Office of Congressional Ethics by putting the independent office under the control of a congressional committee.

The decision set off a firestorm of bipartisan backlash. Even the president-elect himself weighed in on Twitter.

“It would be a new low for Congress and for the Republican majority if this is the first action of the new Congress,” said U.S. Rep. Jim Langevin (D-RI).

“It speaks volumes that the first thing Republicans attempted to do in the new Congress was weaken ethical standards, and they only backed down once their efforts were exposed to public scrutiny,” U.S. Rep. David Cicilline (D-RI) said in a statement.

John Marion, executive director of Common Cause Rhode Island, was in agreement, saying: “Folding it under the House committee would have turned it to the era when peer pressure ruled the day.”

State Rep. Antonio Giarrusso (R-East Greenwich, West Greenwich) called to light the ethical parallels in Rhode Island: “On the day we’re changing the guard on our own ethics reform, they want to make it completely opposite on a national level.”

With Tuesday’s swearing in of the general assembly, Rhode Island’s Ethics Commission will once again have oversight over legislators. “It’s not about partisan,” added Giarrusso. “It’s about doing the right thing for the people.”

Giarrusso is among several state Republican lawmakers who were against the House GOP’s initial move to gut the ethical oversight.

By Katherine Gregg

PROVIDENCE, R.I. — An attempt by U.S. House Republicans to gut ethics oversight of members of Congress unraveled on Tuesday, but not before a tsunami of denunciations from the president-elect, the House GOP leadership and many others, including Rhode Island’s own Democratic Congressmen.

Before the House GOP reversed course, U.S. Rep. James Langevin, D-R.I., said: “It’s a new year and a new low for House Republicans, opening the 115th Congress by stripping critical oversight and accountability procedures from the Office of Congressional Ethics.”
House Republicans had voted behind closed doors Monday night to curtail the power of an independent ethics office created in the wake of scandal.

“I cannot understand how anyone could justify voting for this measure. The Office of Congressional Ethics is currently an independent, non-partisan entity. The office has, historically, been able to investigate wrongdoing by members of Congress, including anonymous reports by whistle blowers. By stripping this office of its power and instead transferring oversight to the House Ethics Committee – into the very hands of those who could be subject to such investigations – House Republicans have betrayed the trust of their constituents.

“This is a disheartening start to the new Congress, to say the very least,” Langevin said. “This is a time of uncertainty for so many in this country, and reducing accountability and transparency, effectively giving Members of Congress a free pass, does nothing to alleviate the very real concerns of those questioning who and what their elected leaders truly represent.”

Added U.S. Rep. David Cicilline, D-R.I., after House Republicans moved to temporarily table their effort to gut the independent Office of Congressional Ethics:

“Just hours after attempting to kill the Office of Congressional Ethics and strip it for parts, Republicans have apparently decided to listen to their constituents. It’s critical that, in the weeks ahead, we don’t allow them to return to the days of thinly-veiled bribes, kickbacks, and much worse; a time when an open culture of corruption ruled Washington, D.C.”

“The fact is we need more ethics reforms, not less,” Cicilline said. “That’s why I have been fighting for all members to undergo annual ethics training…Since the creation of the Office of Congressional Ethics, disciplinary actions by the House Ethics Committee have quadrupled.”

“It speaks volumes that the first thing Republicans attempted to do in the new Congress was weaken ethical standards, and they only backed down once their efforts were exposed to public scrutiny.”

“This is not what the American people sent us here to do. After the last few hours, it’s clear that Republicans don’t want to drain the swamp – they want to fill it up,” he said. “This is wrong, and it’s critical that Democrats, Republicans, and Independents continue to hold their Members of Congress accountable and demand they adhere to the highest ethical standards.”

Both were reacting to the stunning late-night announcement, by U.S. Robert Goodlatte, R-Va., the chairman of the U.S. House Judiciary Committee, that the House Republican Conference had voted 119-to-74 to place the independent Office of Congressional Ethics (OCE) under the control of a House Ethics Committee.

As explained by the Washington Post: Under the proposed new rules, the office could not employ a spokesperson, investigate anonymous tips or refer criminal wrongdoing to prosecutors without the express consent of the Ethics Committee, which would gain the power to summarily end any OCE probe.

House Speaker Paul D. Ryan and Rep. Kevin McCarthy of California, the majority leader, voiced opposition to the move.

President-elect Donald J. Trump slammed the weakening of ethics scrutiny in back to back Tweets that said: “With all that Congress has to work on, do they really have to make the weakening of the Independent Ethics Watchdog, as unfair as it…may be, their number one act and priority. Focus on tax reform, healthcare and so many other things of far greater importance! #DTS.” The hashtag presumably refers to his election catch phrase: “drain the swamp.”

Goodlatte defended the action on Monday night, saying it would strengthen ethics oversight in the House while also giving lawmakers better protections against what some of them have called overzealous efforts by the Office of Congressional Ethics.

But Representative Nancy Pelosi of California, the House minority leader, joined others who had worked to create the office in expressing outrage at the move and the secretive way it was orchestrated.
“Republicans claim they want to ‘drain the swamp,’ but the night before the new Congress gets sworn in, the House G.O.P. has eliminated the only independent ethics oversight of their actions,” Ms. Pelosi said in a statement on Monday night. “Evidently, ethics are the first casualty of the new Republican Congress.”

The body was created after a string of serious ethical issues starting a decade ago, including bribery allegations against Representatives Duke Cunningham, Republican of California; William J. Jefferson, Democrat of Louisiana; and Bob Ney, Republican of Ohio. All three were ultimately convicted and served time in jail.

By Rob Borkowski

WASHINGTON, D.C.—President Barack Obama has expelled 35 Russian intelligence agents, shut down two Russian compounds in Maryland and New York, and released information about that country’s civilian and military cyber activity, measures Congressman Jim Langevin praised while imploring President Elect Donald Trump to end his denial that Russian hackers interfered with the 2016 Presidential election.

“Interference in our electoral processes cannot be tolerated, and I am encouraged that President Obama is taking steps to respond to Russian attempts to undermine faith in and influence the 2016 federal elections. In particular, I commend the President for using a full range of response options, including economic, diplomatic, and cybersecurity actions. As nations increasingly use hacking and other cyber operations to advance their objectives, it is imperative that the United States respond firmly to attacks targeting our interests,” Langevin said.

In a statement posted to whitehouse.gov, Obama announced he also sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.

Those companies, according to a press briefing transcript also posted today, are the Special Technology Center St. Petersburg, Zorsecurity, and the Autonomous Noncommercial Organization, (ANO PO KSI) — which have provided cyber services and training to the GRU.

The Secretary of the Treasury is also designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information. The briefing transcript identifies those individuals as Evgeniy Bogachev and Aleksey Belan, described as notorious cyber criminals responsible for havoc in the international financial system, including against American companies.

The State Department is also shutting down two Russian compounds, in Maryland and New York, used by Russian personnel for intelligence-related purposes, and is declaring 35 Russian intelligence operatives as “persona non grata”.

The Department of Homeland Security and the Federal Bureau of Investigation are also releasing declassified technical information on Russian civilian and military intelligence service cyber activity, to help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.

“The President’s actions are also notable because they have a deterrent effect beyond the punishment of Russians directly involved with or supporting the information warfare operation. By releasing formerly classified threat indicators, the Department of Homeland Security and FBI have exposed Russian hacking infrastructure and made it much easier for individuals and businesses around the world to protect themselves from Russian aggression. I strongly encourage network administrators to read the Joint Analysis Report hosted by the U.S. Computer Emergency Readiness Team and take action to protect their systems,” Langevin said.

Obama effected the actions by amending the Cyber Executive Order, originally issued originally in April 2015.

President Elect Donald Trump, who has denied Russian interference in the election, has said the country should move on, but told the New York Times he would discuss the issue with intelligence officials.

Langevin said the actions were important to show Russian officials that interference in American institutions and elections will not be brushed off without a response.

“However, we must continue to investigate ways to improve our resiliency and protect ourselves from future such operations, which is why I again call on Speaker Ryan to empower a Select Committee on Cybersecurity to look into the attacks. I also hope that the President-elect will use this moment to stop his utterly unfounded innuendo that that there is any uncertainty regarding Russian involvement in the hacks,” Langevin said.

By MICHAEL D. SHEAR

WEST PALM BEACH, Fla. — President-elect Donald J. Trump has named Thomas P. Bossert, a top national security aide under President George W. Bush, to be his homeland security adviser, the Trump transition team announced Tuesday morning.

Mr. Bossert will become assistant to the president for homeland security and counterterrorism, a position the transition team said would be equal in status to that of Lt. Gen. Michael T. Flynn, whom Mr. Trump has chosen to be his national security adviser. The same position under President Obama has been a deputy national security adviser.

The change in rank “reflects the unwavering commitment President-elect Trump has to the safety and security of the nation, its people and territory,” the transition team said in a statement.

“Mr. Bossert will focus on domestic and transnational security priorities as General Michael Flynn remains steadfastly focused on international security challenges,” it said.

Officials on Mr. Obama’s national security team challenged the assertion that Mr. Bossert had been elevated to a higher position than his counterpart in the current administration, Lisa Monaco, who also has the title assistant to the president.

A senior national security official, who spoke on the condition of anonymity to discuss personnel matters relating to the incoming administration, noted that Ms. Monaco was the chairwoman of the Principals Committee of the Homeland Security Council, had a seat on the National Security Council and participated alongside the national security adviser during daily national security briefings for Mr. Obama.

The new designation for Mr. Bossert may suggest a desire by the new administration to reconfigure the national security apparatus at the White House.

Before Mr. Obama, the homeland security adviser oversaw a staff that was separate from the one run by the national security adviser. Mr. Obama combined those into a single, unified staff when he came into office. Mr. Trump may be thinking about splitting them again.

In the statement, Mr. Trump called Mr. Bossert “an invaluable asset” and praised the breadth of experience he would bring to the new administration. “He has a handle on the complexity of homeland security, counterterrorism and cybersecurity challenges,” Mr. Trump said.

Mr. Bossert served as deputy homeland security adviser for Mr. Bush, and he runs a risk management consulting firm in Washington. He is also a senior fellow at the Atlantic Council, working on the research institution’s Cyber Statecraft Initiative.

Helping to protect the country from cybercrimes is likely to be a major focus for Mr. Bossert in light of the hacking of the Democratic National Committee and other incidents in recent years. Mr. Bossert will face the challenge of balancing cybersecurity needs against the privacy concerns of internet companies.

“We must work toward cyber doctrine that reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade, and the fundamental principles of liberty,” Mr. Bossert said in the statement announcing his appointment.

News of Mr. Bossert’s selection drew praise from some members of Congress and former colleagues in the Bush administration, who described him as capable and knowledgeable about threats to the country.

Representative Jim Langevin, Democrat of Rhode Island, also praised the choice. Mr. Langevin, a founder of the Congressional Cybersecurity Caucus, said Mr. Bossert had approached the issues of cyberthreats in a “centrist, bipartisan” manner.

“I also hope that he will impress upon the president-elect the vital national security concerns tied to Russian information warfare activities, and I encourage him to work closely with Congress in attempting to build our resilience and our defenses to forestall such operations in the future,” Mr. Langevin said in a statement.

Frances F. Townsend, who was Mr. Bush’s homeland security adviser, said she was confident that Mr. Bossert would “continue to demonstrate the capacity and insight needed to take on the tough challenges facing the country.”

She focused in particular on Mr. Bossert’s expertise in another key part of the job: responding to natural disasters and other crises that require coordination among the White House, governors and other state officials.

In a brief text message, Ms. Townsend called Mr. Bossert a “great pick” and recalled that he had helped lead the “after-action review” after Hurricane Katrina in 2005, helping to create more than 100 recommendations about how to better respond to such crises. “Tom knows the importance of public-private partnerships and most importantly how best to establish and strengthen them,” she said.

Also on Tuesday, the transition team formally announced that Jason D. Greenblatt, the chief legal officer of the Trump Organization and a longtime adviser to Mr. Trump, would serve as his special representative for international negotiations. Mr. Greenblatt has been the president-elect’s business attorney for years, and in a statement, Mr. Trump called him “one of my closest and most trusted advisers.”

“He has a history of negotiating substantial, complex transactions on my behalf, as well as the expertise to bring parties together and build consensus on difficult and sensitive topics,” Mr. Trump said.

As the president’s special representative, Mr. Greenblatt is likely to focus on peace between the Israelis and the Palestinians, renegotiating trade agreements and the relationship between the United States and Cuba, among other international issues.

By Rene Millman
This article originally appeared on SC Magazine UK.

Uncertainty reigns as the Wassenaar cyber weapons control pact renegotiations is rejected

A two-year attempt to change the language used in relation to export controls around surveillance software and other hacking tools has collapsed after the US government failed to renegotiate parts of the Wassenaar Arrangement.

The Wassenaar Arrangement is an arms control pact between 41 countries. While most of this refers to conventional arms, in 2013 it was broadened in scope to include surveillance software—or intrusion software as it’s branded in the agreement. This wording banned the export of software that could be used to conduct cyber warfare, in particular, tools to exploit and attack vulnerable IT infrastructure.

These changes were set to be implemented by member countries last year in a bid to prevent repressive regimes from gaining access to commercial malware.

Critics have labelled the current language in the agreement as too broad as it includes tools that IT professionals use on a daily basis, such as penetration testing tools and other legitimate security software. It also includes proof-of-concept exploits used during vulnerability research and disclosure. As it stands, the rules as written have not been implemented in the US.

With the talks collapsing, it will now be up to the incoming Trump administration to decide whether to continue renegotiations. It was hoped that the talks would have clarified matters allowing security researchers to participate in events such as Pwn2Own and share research among professionals and academics.

In the US, the bipartisan Congressional Cybersecurity Caucus has urged the incoming administration to continue talks.

Congressman Jim Langevin (D-RI), cofounder and co-chair of the Congressional Cybersecurity Caucus and a senior member of the House Committees on Armed Services and Homeland Security, said in a statement that he was “deeply disappointed that Wassenaar member states declined to make needed updates to the intrusion software controls, particularly those related to technologies necessary for their development.”

“For over a year, I have led my colleagues in Congress in calling for a careful review of these controls, which could harm our nation’s cybersecurity by making it more difficult to quickly share defensive tools and close vulnerabilities. The small changes clarifying the role of ‘command and control’ functionality that were made at the annual meeting, while needed, are simply insufficient to address the broader flaws in the language.”

Stephen Gates, chief research intelligence analyst at NSFOCUS, told SC Media UK it’s well known in cybersecurity circles that ethical hackers, researchers, penetration testers, and security vendors often have tools that can be used to hack, loaded on virtual machines, running on the very laptops they carry.

“These tools are used for ethical purposes to demonstrate how hacks work, and what defences can defeat the various hack tools,” he said.

“Ethical hackers and the like must be made aware of the fact, if they travel internationally, and enter a country where these tools are identified as ‘weaponry’, these individuals could face criminal charges and other possible penalties.   Best to remove the tools, before you travel.”

This interview was conducted, edited, and condensed by Lars Trodson.

Congressman Jim Langevin, D-R.I., is the co-chair and co-founder of the Congressional Cybersecurity Caucus. He has written to House Speaker Paul Ryan asking Ryan to appoint a Select Committee on Cybersecurity, given the concern over possible Russian interference in the recent Presidential election. We checked in with Langevin to discuss his concerns.

Q: There has been a lot of talk about cybersecurity and the hacking that may have impacted this year’s election. Do you personally believe that our electoral system was hacked during this cycle?

A: Let’s break this down to three things. There is the issue of the alleged Russian attempts to compromise our voter registration system. Then there is our election system that counts the votes on election day. Three, was there a Russian or foreign entity that impacted our elections by hacking into email accounts and then sending those to Wikileaks, which then sent them out to the world?

Clearly the intelligence community is pretty unanimous there were Russian attempts to hack into our voter registrations systems. We don’t believe anything was compromised that would undermine confidence in the election system itself. But our intelligence community and Homeland Security believe there were Russian attempts to do that, to clearly undermine that.

Q: Do you personally believe the Russians were involved? 

A: I do believe that they were poking around to get into voter registration systems. It’s unclear as to how effective that was at the end of the day, to cast a cloud over it, if you will.

In terms of the election, we don’t have any evidence — on Election Day — that there was an attempt to meddle with the vote count. We have a disconnected system. It’s diverse, it’s not co-ordinated. Most states don’t have a statewide voter election system. It’s town by town, city by city, or even the county may be responsible for its own voting equipment. There are multiple election systems and none of them are linked to the internet. There is no way to break into the voting system.

It’s early to prejudge that the Russians were successful at influencing the outcome of the election. This is what we need to confirm. Looking at everything, I have confidence that the vote count is accurate, but this is really unprecedented. I’ve never seen anything on this scale before, that a foreign power used this type of capability to influence the outcome of an election. But we have to understand all the facts. We have to make sure it never happens again. This is a new attack vector that many people did not anticipate happening, but we need to find out who is involved and hold them accountable. This is why I have called for a Select Committee to investigate those Russian attempts.

Q: Do you think the election results are credible? 

A: Yes. I may not like the outcome, but yes.

Q: Do you think there are other entities involved besides Russia?

A: I think we should look at everything. I have not seen anything that would indicate it was anyone other than the Russians, but this is what a Select Committee would look at: Look at all information, classified and open source. They should evaluate everything and whatever those findings are, make them available to the American people. I want everything to be transparent for the American people.

Q: Did the Obama Administration react strongly enough?

A: We’re in uncharted territory, but I always like a stronger response than what the President had, but he said the U.S. will respond at a time and place of our choosing. Some of that response may be known and some of it may not be known.

Q: Is there anything that you could be doing, with the committees you sit on, to look at this concurrently with a Select Committee?

A: It depends on the route the leadership in congress goes. It’s unclear who will do the review. There are 80 committees or subcommittees that this involves. This cuts across jurisdictional lines, so we need to have a bipartisan committee that cuts across lines, to look at information both classified and open source to get a full understanding of what happened.

Q: I think you touched on this, but we can’t overestimate how serious this is.

A: That’s right.

Q: How quickly would you like to start looking into this?

A: Immediately. As soon as the new Congress comes back and I will be all too happy to have the Speaker announce the Select Committee, and I would like to be a part of it.

Q: Is there anything we haven’t touched on that we should mention? 

A: I guess the only thing I would underscore is that this is a serious issue, a big deal, it’s unprecedented and we need to understand how it happened and who is responsible and take the necessary steps to send a signal that it won’t be tolerated. We don’t want this to go unanswered.

By Reynaldo Almonte

WASHINGTON – Legislation introduced by Rep. Jim Langevin (D-RI) and Rep. John
Ratcliffe (R-TX) was signed into law Friday to strengthen collaborative
cybersecurity research and development efforts between the United States and Israel.
The pair of lawmakers introduced the United States-Israel Advanced Research
Partnership Act of 2016 (H.R. 5877) after returning from a congressional delegation
trip to Israel in July that focused on addressing key cybersecurity issues facing
both countries.

“Cybersecurity is the national and economic security challenge of our time, and we
must use every resource at our disposal to support research, foster innovation, and
fortify our cyber defenses. This must include a collaborative approach that allows
us to work with our leading partners, like Israel, to develop new technologies for
our cyber incident responders,” Langevin said. “Passage of this law will enhance
cybersecurity for the United States and Israel, putting us on a shared path toward
innovative solutions to the threats we face. I look forward to continuing to work
with Chairman Ratcliffe to strengthen our relationship with Israel, including by
passage of the United States-Israel Cybersecurity Cooperation Enhancement Act next
Congress.”

“My work as a cybersecurity subcommittee chairman over the past two years has
focused on ensuring American citizens are protected from the growing national
security threats posed by malicious cyber actors who intend to do our nation harm.
I’m glad I was able to work closely with Rep. Langevin to craft legislation to
advance this important fight that is now the law of the land,” Ratcliffe said.

The lawmakers said their meetings with top Israeli officials, including Prime
Minister Benjamin Netanyahu and Minister of Defense Moshe Ya’alon, laid a critical
foundation for their U.S.-Israel cybersecurity legislation.

“When Rep. Langevin and I traveled to Israel earlier this year, our discussions with
Israeli national security and cybersecurity leaders revealed the immense wealth of
untapped potential we can leverage together to collectively vamp up our efforts to
combat growing cyber threats. We are extremely grateful for the opportunity to work
more closely with a country that’s a proven pioneer in cyber science and a top
leader in cyber expertise,” Ratcliffe said.

The United States-Israel Advanced Research Partnership Act expands a successful
binational research and development program at the Homeland Security Advanced
Research Projects Agency to include cybersecurity technologies. This collaboration
between DHS and the Israeli Ministry of Public Security helps new products through
the “valley of death” between basic and early-phase applied research and successful
commercialization, and will help both countries develop solutions to the unique
security problems found in the cyber domain.

Langevin is a senior member of the House Homeland Security Committee, and the
co-founder and co-chair of the Congressional Cybersecurity Caucus. Ratcliffe chairs
the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection
and Security Technologies.

By TAMI ABDOLLAH
Dec. 20, 2016
WASHINGTON (AP) — The Obama administration has failed to renegotiate portions of an international arms control arrangement to make it easier to export tools related to hacking and surveillance software — technologies that can be exploited by bad actors, but are also used to secure computer networks.

The rare U.S. move to push for revisions to a 2013 rule was derailed earlier this month at an annual meeting in Vienna, where officials from 41 countries that signed onto it were meeting. That leaves it up to President-elect Donald Trump’s administration whether the U.S. will seek revisions again next year.

U.S. officials had wanted more precise language to control the spread of such hacking tools without the unintended negative consequences for national cybersecurity and research that industry groups and lawmakers have complained about for months. Critics have argued that the current language, while well meaning, broadly sweeps up research tools and technologies used to create or otherwise support hacking and surveillance software.

Rep. Jim Langevin, D-R.I., said in a statement Monday that he is “deeply disappointment” by the plenary’s decision and hoped the incoming administration will continue the effort. Langevin co-chairs the Congressional Cybersecurity Caucus.

“U.S. cybersecurity and that of our allies will be imperiled if companies and researchers are not able to quickly share defensive tools,” said Langevin, who co-chairs of the Congressional Cybersecurity Caucus.

The White House referred questions Monday to the State and Commerce departments, neither of which responded to requests for comment.

As one of those 41 member countries of the 1996 Wassenaar Arrangement, which governs the highly technical world of export controls for arms and certain technologies, the United States agreed to restrict tools related to cyber “intrusion software” that could fall into the hands of repressive regimes.

The voluntary arrangement relies on unanimous agreement to abide by its rules on export controls for hundreds of items, including arms such as tanks or military aircraft and “dual-use” technologies such as advanced radar that can be used for both peaceful and military means.

The failed effort was a “bummer” said Katie Moussouris, CEO and founder of Luta Security who was part of this year’s Wassenaar delegation as a U.S. industry expert.

“If anybody understands how quickly you need to respond to a fire, this would essentially impede the internet’s firefighters if it was left in place,” Moussouris said. But she also noted that such work involving an international body also can take time and finding precise language is critical.

The plenary did agree to tighten up language essentially specifying that the rule should apply to attacker code used to command and control malware, not regular computer defense tools that might have been caught in the rule, Moussouris said.

Efforts to come up with a workable U.S. rule have highlighted the difficulty of applying the export controls restricting physical items to a virtual world that relies on the free flow of information for network security. Many companies operate in multiple countries and routinely employ foreign nationals who test their own corporate networks across borders.

The difficulties with the rule came to light in May 2015 after the Commerce Department’s Bureau of Industry and Security began working on its rule to abide by the arrangement and proposed denying the transfer of offensive tools — defined as software that uses “zero-day” exploits, or unpatched new vulnerabilities, and “rootkit” abilities that allow a person administrator-level access to a system.

Because in the cyber world testing a network often requires determining first how to exploit it and attempting to do so.

“Exploit code today is relatively routinely shared for purposes of security research and identifying and mitigating security vulnerabilities,” said Harley Geiger, director of public policy for Boston-based Rapid7, Inc., a cybersecurity company which makes software that can test for network vulnerability.

Geiger said the rule could require security researchers to obtain an export license when sharing across borders — a process that can take months.

Written by Shaun Waterman Dec 19, 2016
President Obama has signed into law a bill aiming to strengthen collaboration on cybersecurity research and development efforts between the U.S. and Israel.

H.R. 5877, the U.S.-Israel Advanced Research Partnership Act of 2016 passed the House unanimously last month under suspension of the rules and passed the Senate without opposition during a flurry of last minute activity overnight Dec. 9-10. The president signed it Friday.

The bill was one of two introduced in July after Reps. John Ratcliffe, R-Texas and Jim Langevin, D-R.I., visited Israel on a congressional delegation focused on key cybersecurity issues facing both countries, such as protecting power grids from hackers.

“I’m glad I was able to work closely with Rep. Langevin to craft legislation to advance this important fight [to protect America from hackers] that is now the law of the land,” said Ratcliffe, who chairs the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.

The law will “enhance cybersecurity for the United States and Israel, putting us on a shared path toward innovative solutions to the threats we face,” said Langevin, co-founder and co-chairman of the Congressional Cybersecurity Caucus. He added, “I look forward to continuing to work with Chairman Ratcliffe to strengthen our relationship with Israel, including by passage of the U.S.-Israel Cybersecurity Cooperation Enhancement Act next Congress.”

Langevin introduced that bill, numbered H.R. 5843, with Ratcliffe’s support, but it was not taken up in the Senate.  Supporters hope to get it re-introduced, and passed, next year.

The U.S.-Israel Advanced Research Partnership Act will expand a successful binational research and development program at the Homeland Security Advanced Research Projects Agency to include cybersecurity technologies. This collaboration between DHS and the Israeli Ministry of Public Security helps new products through the “valley of death” from basic and early-phase applied research to successful commercialization.

The other bill, the U.S.-Israel Cybersecurity Cooperation Enhancement Act, would have created a cybersecurity grant program for joint research and development ventures between Israeli and American companies, universities and/or nonprofits. The Homeland Security secretary would determine research requirements with help from an advisory board made up of members from successful U.S.-Israeli partnerships, but they would address research and development priorities across the spectrum from basic to applied to commercialization.