The White House vowed more consultations in a response to a House of Representativesletter sent to National Security Adviser Susan Rice late 2015 urging a revision to implementation of export controls on cybersecurity intrusion software.
Coauthored by House Cybersecurity Caucus Co-Chairs Jim Langevin (D-R.I.) and House Homeland Security Committee Chairman Michael McCaul (R-Texas), the original letter to Rice feared a new export control rule would impair cybersecurity efforts by being too broad.
The rule, from the Commerce Department’s Bureau of Industry and Security (BIS), was written in line with the addition of intrusion software to the international Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. The letter came after legislators, industry officials, and non-government organizations broadly opposed the rule as initially written in public comments.
The lawmakers sought Rice and the Executive Office of the President’s guidance to help BIS and the State Department put the comments in context and to reevaluate the proposed rule additions.
“Stakeholders raised serious concerns regarding the scope of the draft rule to implement the 2013 Arrangement among the 41 Wassenaar party states on intrusion software during the proposed rule comment period,” Caroline Tess, Special Assistant to the President and Senior Director for Legislative Affairs at the National Security Council, said in a response on Rice’s behalf.
Tess highlighted that the Commerce Department would not issue a final rule without at least one more round of public comment on a revised draft.
The administration also said it has intensified its engagement with experts and stakeholders from the government and industry “on how to mitigate the national security risks posed by the proliferation of cyber tools in a manner consistent with promoting cybersecurity,” Tess said.
“The Administration is committed to taking into account the impact that any export control rule related to cyber technology may have on our national security and adequately considering the burden that such a rule may place on legitimate cybersecurity activities.”
Langevin thanked Rice for the Nation Security Council’s engagement with the issue because closer involvement will help a revised rule avoid the problems identified in the original proposed rule.
“I am confident that the NSC, with additional insight from industry leaders and cybersecurity experts, will be able to guide the interagency to an outcome that protects our national security, and I look forward to continuing my work with Chairman McCaul to monitor this process,” Langevin said.
McCaul agreed, noting, “I am also hopeful that the NSC, in coordination with industry leaders and academics, will be able to guide the process here forward so as to ensure the United States can continue to protect American information and information systems that ultimately keep our country safe.”
However, Langevin cited deeper issues discussed at the House Homeland Security Committee’s discussion of the rule in January.
“As we learned at the Homeland Security Committee hearing last month, the underlying problem may lie in the Arrangement language itself, meaning the only solution may be to go back to Wassenaar and renegotiate,” Langevin said.