Cybersecurity

Serious progress made on the Wassenaar Arrangement for global cybersecurity

A group of 41 nations gathered this month to officially update the language of the Wassenaar Arrangement, a voluntary agreement governing certain export controls for classified dual-use software and technology, otherwise known as “cyberweapons.”

Along with one other representative, Iain Mulholland, I participated as a technical expert in security vulnerability disclosure and cyber incident response. (As a disclaimer, we did not represent any department of the U.S. government.) Our responsibilities at each technical expert’s working group meeting, from June 2016 leading up to last week’s plenary vote, included helping to clarify the arrangement’s language. We did so to prevent unintended consequences, especially any that would disrupt internet defenses.

The progress our group made was substantial and important, both to America and for countries around the world, now also including India as the 42nd country newly added to the group. We were able to work as a team to add some important new clarifications affecting vulnerability disclosure and cyber incident response.