The US has failed to take the offensive cyber products to the Wassenaar agreement. That means that the State Department and the Pentagon are looking for an alternative framework. They might find it in ITAR [International Traffic in Arms Regulations].
The Obama administration understands that something has to be done to regulate the violence in the cyber domain. Cyber arms control and regulation are hot topics right now.
The last try to impose cyber arms control was with Wassenaar agreement that regulate dual use technologies. But, the big tech companies opposed, and the initiative failed.
I would like to argue that the Obama administration can choose to implement instead cyber arms control within the ITAR regulation.
The ITAR is a set of United States Government regulations on the export and import of military related articles and services. Therefore, it can contain the offensive cyber technologies and give the US control over them.
One has to acknowledge that most of the cyber technologies are coming from US companies or companies that were funded by US money. It allows the US to use ITAR to control the export of those technologies.
The use of ITAR opens more possibilities in this context. For example, the US can decide that every code written on a CPU of Intel or AMD [US companies] is subject to ITAR. Equally, it can apply to any electronic product that is funded by US money or developed in the US.
If the US goes this way, others will follow. China is another country bothered with cyber defence. It is also a significant producer of electronics. That means that the Chinese government can apply a regulation like ITAR. Besides US and China, this is true for any “ITAR-Free” country.
To summarize, cyber technologies regulation is a must. There is no better option for the international community to decrease the violence in the cyber domain. The question on the table will it be by the Wassenaar Agreement, ITAR or a new one.
Written by Ami Rojkes Dombe
(Security Affairs – Wassenaar agreement, ITAR)