© The Financial Times Ltd 2015 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
December 4, 2013 9:31 pm
Western governments are close to an agreement that would put sensitive cyber security technologies on the same footing as regular armaments under one of the world’s main agreements on weaponry export control.
Diplomats are expected to hammer out revised terms for the Wassenaar Arrangement in private meetings in Vienna this week so that it includes new controls on complex surveillance and hacking software and cryptography. The 41 signatory states include the US, Russia, Japan, France and Germany.
The UK government is leading the push to curb exports in what will be one of the first international attempts to clamp down on “cyber proliferation” – an area of growing concern for many Western spymasters.
If successful, revised proscriptions under the Wassenaar Arrangement, which has regulated exports of military hardware and “dual-use” equipment since 1996, will almost certainly be followed quickly by an EU-wide clampdown on sensitive cyber technologies, said people familiar with the talks.
Cyber security software and hardware is one of the fastest-growing areas of the security industry, but the sale and use of many privately developed technologies has until now been monitored on an ad hoc basis by individual countries only.
The UK Trade and Investment government office estimates the global size of the cyber security market at £123bn, with an annual growth rate of 10 per cent.
“[Cyber security technology] is a lot like the arms race,” says David Livingstone, associate fellow at Chatham House, the international affairs think tank. “You invest and develop something and then someone on the other side responds. What you want to do is slow down how fast your foe develops equivalent technologies.”
The problem many Western governments face, Mr Livingstone points out, is that “the origins of our [cyber security] capabilities often lie in the commercial domain.”
Particularly sensitive areas include so-called “deep packet inspection” technologies which allow users to screen data for hidden viruses, malware or surveillance programmes. Western intelligence agencies are particularly concerned about such technologies falling into enemy hands, because they could enable them to foil cyber attacks or gain an intimate understanding of Western screening systems and their fallibilities.
A spokesperson for the UK’s Department for Business, which deals with the UK’s export licence regime, said: “The government agrees that further regulation is necessary. These products have legitimate uses in defending networks and tracking and disrupting criminals but we recognise that they may also be used to conduct espionage.
“Given the international nature of this problem we believe that an internationally agreed solution will be the most effective response. That is why the UK is leading international efforts to agree export controls on specific technologies of concern. We expect to be able to announce real progress in this area in early December.”
Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
Sign up for email briefings to stay up to date on topics you are interested in