Citizens First Cyber Security Professionals




Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.

Connect via Facebook

Connect via Facebook

Member Poll

There are no polls defined.


You must login to post a message.

16-01-2018 11:17
Yo' ... It's beginning to look like I have hired another lazy ass moderator?... That best not be the case!! Frown

12-01-2018 12:30
Yo' Citizens, I will have a couple of "new tools" and some interesting news to share with you today! I will have it all up for you shortly. Cool

01-01-2018 15:56
Yo' Citizens, Happy New Year! Grin

24-12-2017 13:40
Yo' Citizens, Merry Christmas Eve! Grin

16-12-2017 18:54
Currently creating your holiday specials! New holiday membership specials coming to you within the hour! Grin

Welcome Citizens

Welcome to, Citizens First Cyber Security Professionals.

The Individual Citizen Specific, Cyber Security Investigative Services Firm. Cyber Security Web Forum and Educational Cyber Security Dojo.

Geared strictly to helping Individual Citizens and Small Businesses! Address unwanted cyber security intrusions and hacking incidents!

View Thread

 Print Thread
Serious progress made on the Wassenaar Arrangement for global cybersecurity - Via - TheHill
Yo' Greetings Citizens,

Serious progress made on the Wassenaar Arrangement for global cybersecurity - Via - TheHill

A group of 41 nations gathered this month to officially update the language of the Wassenaar Arrangement, a voluntary agreement governing certain export controls for classified dual-use software and technology, otherwise known as “cyberweapons.”

Along with one other representative, Iain Mulholland, I participated as a technical expert in security vulnerability disclosure and cyber incident response. (As a disclaimer, we did not represent any department of the U.S. government.) Our responsibilities at each technical expert’s working group meeting, from June 2016 leading up to last week’s plenary vote, included helping to clarify the arrangement’s language. We did so to prevent unintended consequences, especially any that would disrupt internet defenses.

The progress our group made was substantial and important, both to America and for countries around the world, now also including India as the 42nd country newly added to the group. We were able to work as a team to add some important new clarifications affecting vulnerability disclosure and cyber incident response.

How did we get here?

The Wassenaar Arrangement, once used primarily to help slow the proliferation of conventional military weapons and technology like advanced radar systems, added command and delivery platforms for “intrusion software” and “intrusion software technology” in 2013, classifying both as items requiring export licenses. All 41 countries party to this agreement, except the U.S., had already implemented the required export control changes in their national regulations.

We in the U.S. paused our implementation of the new controls locally, based on unprecedented industry feedback including, outcry, panic, chagrin, consternation, and frustration.

Where did we stand up until this month? The Wassenaar Arrangement as written would have required export control licenses for nearly anyone involved in defensive security activities involving an export of, for example, command and control software & technology shared in taking down a botnet attack in real time.

The response to cyberattacks such as the “WannaCry” worm could have been held up in export control paperwork for days, if not weeks, as would any other vulnerability disclosure or incident response in which command and control software or technical analysis of that software, were to cross a country’s virtual or physical border.

Clearly, this wasn’t the intent of the export controls.

Changes clarify export controls for internet defenders

Now that the official Wassenaar plenary votes have ratified the new language edited for clarity, the security industry can breathe easier knowing that the specific cross-border sharing activities around vulnerability disclosure and security incident response are exempt from requiring export control licenses as dictated by Wassenaar.

Also, updates and upgrades were clarified, as long as the software is not designed to update “intrusion software,” or turn benign software into something more malicious.

Do U.S. defenders need new export licenses?

For the U.S., it is likely there will be a decision between whether to pursue further clarifications of Wassenaar, or to draft a new export control rule. All options moving forward are all still on the table, and there will likely be further opportunities for the public to weigh in on this undecided next move by the US...++...

Please Read The Full Story here:

Thank You For Your Time, Citizens. I hope that you have a great and cyber-secure day!

Thank You Citizen,
The Administration
Jump to Forum:
top image scrolling tools
Render time: 0.22 seconds
311,947 unique visits