Presentation is loading. Please wait.

Presentation is loading. Please wait.

EXPORT CONTROLS ON CYBERSECURITY Feb. 2016 EXPORT CONTROLS ON CYBERSECURITY Feb. 2016 Eli Greenbaum

Published byTabitha Bailey Modified over 9 years ago

Similar presentations

Presentation on theme: "EXPORT CONTROLS ON CYBERSECURITY Feb. 2016 EXPORT CONTROLS ON CYBERSECURITY Feb. 2016 Eli Greenbaum"— Presentation transcript:

1 EXPORT CONTROLS ON CYBERSECURITY TECHNOLOGY @OWASP Feb. 2016 EXPORT CONTROLS ON CYBERSECURITY TECHNOLOGY @OWASP Feb. 2016 Eli Greenbaum elig@arnon.co.il

2 Laws that regulate the export and sharing of sensitive: – Technology – Equipment – Software – Know-how – Data Not related to “purpose” or “intentions” Prohibitions vs. Licenses Export Controls

3 Export Controls can: – Prevent the spread of WMD or military goods, which could harm global security and stability – Prevent the spread of dangerous technology to enemies – Preserve economic and military advantages – Promote trade between allied states Benefits of Export Controls

4 Export Controls can: – Prevent potentially lucrative trade opportunities – Deter foreign investment – Hurt competitiveness of domestic firms – Anger domestic audiences – Have diplomatic costs Costs of Export Controls

5 Need a license to: market, export, be an agent for controlled technology Restricts transfers to foreigners Maximum fine: 3 years prison, 6.7 million NIS, could be higher in aggravating circumstances Company managers can have personal liability as well. Exceptions for public domain and academic research 2007 - חוק הפיקוח על הייצוא הביטחוני

6 Nuclear Suppliers Group Missile Control Technology Regime (MCTR) Australian Group Wassenaar Arrangement International Export Control

7 2013 amendments to Wassenaar Arrangements French and British propose adding cybersecurity controls Implemented in many countries without problems May 2015: United States regulations Jan 2016: Israel Regulations Cybersecurity Controls

8 Wassenaar: “Intrusion Software” “IP Surveillance Systems Israel adds: Forensic Equipment Vulnerabilities Automatic Export Generation Cybersecurity Controls

9 Software specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network capable device, and performing any of the following: a.The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or b.The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions. Not including: a.Debuggers or Software Reverse Engineering tools; b.Digital Rights Management (DRM) software ; or c.Software designed to be installed by owners for asset tracking Intrusion Software

10 Software specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network capable device, and performing any of the following: a.The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or b.The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions. Not including: a.Debuggers or Software Reverse Engineering tools; b.Digital Rights Management (DRM) software ; or c.Software designed to be installed by owners for asset tracking Intrusion Software By Who? Users? Network owner? Owner of the software?

11 Software specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network capable device, and performing any of the following: a.The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or b.The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions. Not including: a.Debuggers or Software Reverse Engineering tools; b.Digital Rights Management (DRM) software ; or c.Software designed to be installed by owners for asset tracking Intrusion Software Tracking software?

12 Software specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network capable device, and performing any of the following: a.The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or b.The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions. Not including: a.Debuggers or Software Reverse Engineering tools; b.Digital Rights Management (DRM) software ; or c.Software designed to be installed by owners for asset tracking Intrusion Software Auto-updaters? Products that stop employee communication? All third party developers? Antivirus software?

13 Software specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network capable device, and performing any of the following: a.The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or b.The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions. Not including: a.Debuggers or Software Reverse Engineering tools; b. Digital Rights Management (DRM) software ; or c.Software designed to be installed by owners for asset tracking Intrusion Software Packers? Obfuscators?

14 חולשה, למעט אחת מאלה: א. חולשות הנמסרות באופן בלעדי למי שפיתח את הקוד א הפרוטוקול, או למי מטעמו, ב. חולשות המוצאות לנחלת הכלל, ג. חולשות המיועדות לשימוש במוצרי הגנה בלבד, המיוצרים בחברה המחזיקה בחולשה או בחברה. Vulnerabilities

15 חולשה, למעט אחת מאלה: א. חולשות הנמסרות באופן בלעדי למי שפיתח את הקוד א הפרוטוקול, או למי מטעמו, ב. חולשות המוצאות לנחלת הכלל, ג. חולשות המיועדות לשימוש במוצרי הגנה בלבד, המיוצרים בחברה המחזיקה בחולשה או בחברה. Wh at about: To customers/suppliers? Open source? Vulnerabilities that require multi-stakeholder cooperation? Academic/Security Research? Vulnerabilities

16 מערכות או תוכנה שתוכננה או הותאמה במיוחד לאיתור חולשות אוטומטי, לשם ביצוע שימוש בהן בתוכנת חדירה כנגד אחר. טכנולוגיה וידע לפיתוח של תוכנת חדירה. Vulnerabilities

17 מערכות או תוכנה שתוכננה או הותאמה במיוחד לאיתור חולשות אוטומטי, לשם ביצוע שימוש בהן בתוכנת חדירה כנגד אחר. טכנולוגיה וידע לפיתוח של תוכנת חדירה. Vulnerabilities Wh at about: All software on on the planet? Wh at about: Pen Testing? Automated Exploit Generation (Metasploit)?

18 Foreign availability outside participating states. The ability to control effectively the export of the goods. The ability to make a clear and objective specification of the item Wassenaar Criteria

19 THANK YOU Eli Greenbaum elig@arnon.co.il

Download ppt "EXPORT CONTROLS ON CYBERSECURITY Feb. 2016 EXPORT CONTROLS ON CYBERSECURITY Feb. 2016 Eli Greenbaum"

Similar presentations

Session I: Technology, Trade and Growth-lessons of Experiences Session I: Technology, Trade and Growth-lessons of Experiences Issues related to technology.

Session I: Technology, Trade and Growth-lessons of Experiences Session I: Technology, Trade and Growth-lessons of Experiences Issues related to technology.
Freedom of Speech (Part 3)

Freedom of Speech (Part 3)
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Copyright © 2009 South-Western Legal Studies in Business, a part of South-Western Cengage Learning. CHAPTER 13 The Regulation of Exports.

Copyright © 2009 South-Western Legal Studies in Business, a part of South-Western Cengage Learning. CHAPTER 13 The Regulation of Exports.
Guanjong High School Group 2. Physical Network Access Security Getting into a network closet could easily allow someone to disable computers and connect.

Guanjong High School Group 2. Physical Network Access Security Getting into a network closet could easily allow someone to disable computers and connect.
Ch.5 It Security, Crime, Compliance, and Continuity

Ch.5 It Security, Crime, Compliance, and Continuity
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.

EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.
© McGraw Hill Companies, Inc., 2000 Entry Strategy and Strategic Alliances Chapter 14.

© McGraw Hill Companies, Inc., 2000 Entry Strategy and Strategic Alliances Chapter 14.
Legal Issues and Export Controls Career-Ending Opportunities and Ways to Get Fitted for an Orange Jumpsuit David Lombard Harrison, Associate Vice President.

Legal Issues and Export Controls Career-Ending Opportunities and Ways to Get Fitted for an Orange Jumpsuit David Lombard Harrison, Associate Vice President.
Inteco and NIST Cooperation Peter Mell National Vulnerability Database Project Lead Senior Computer Scientist NIST Computer Security Division Tim Grance.

Inteco and NIST Cooperation Peter Mell National Vulnerability Database Project Lead Senior Computer Scientist NIST Computer Security Division Tim Grance.
Carnegie Mellon Export Controls & Universities. Carnegie Mellon Introduction  Federal laws restricting the exports of goods and technology have been.

Carnegie Mellon Export Controls & Universities. Carnegie Mellon Introduction  Federal laws restricting the exports of goods and technology have been.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Software Protection & Scope of the Right holder Options for Developing Countries Presentation by: Dr. Ahmed El Saghir Judge at the Council of State Courts.

Software Protection & Scope of the Right holder Options for Developing Countries Presentation by: Dr. Ahmed El Saghir Judge at the Council of State Courts.
1 ECP 6701 Competitive Strategies in Expanding Markets International Business: An Overview.

1 ECP 6701 Competitive Strategies in Expanding Markets International Business: An Overview.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
By: Colby Shifflett Dr. Grossman Computer Science 420 12/01/2009.

By: Colby Shifflett Dr. Grossman Computer Science /01/2009.
NEW ZEALAND’S EXPORT CONTROLS Implementation and Status Ministry of Foreign Affairs and Trade.

NEW ZEALAND’S EXPORT CONTROLS Implementation and Status Ministry of Foreign Affairs and Trade.
Intellectual Property in the Context of Growth and Development of the World Economy Luciano Daffarra, Attorney at Law Daffarra, d’Addio & Partners China-Italy.

Intellectual Property in the Context of Growth and Development of the World Economy Luciano Daffarra, Attorney at Law Daffarra, d’Addio & Partners China-Italy.
Modernizing Export Controls ABA International Law Section Matthew S. Borman Acting Assistant Secretary for Export Administration Bureau of Industry and.

Modernizing Export Controls ABA International Law Section Matthew S. Borman Acting Assistant Secretary for Export Administration Bureau of Industry and.

Similar presentations

Ads by Google