On the recordJanuary 11, 2016
Mr. Speaker, securing our networks from cyber attack is a challenging task. One of the most effective techniques is penetration testing, or turning hacking tools on one's own network to find weaknesses before bad actors have a chance to exploit them. Unfortunately, a rule proposed by the Bureau of Industry and Security within the Department of Commerce last May has the potential to make it much harder to share existing tools and develop new ones, which could severely harm our national security and our economic competitiveness. The rule was issued as part of the addition of ``intrusion software'' to the Wassenaar Arrangement, one of the principal international export control regimes. Perhaps unsurprisingly, using a 20-year-old framework--itself the successor of a three-quarter-century-old cold war agreement--to regulate cutting-edge technology has proved difficult. However, I am very thankful for the Bureau's willingness to reexamine the initial proposal, and I am looking forward to tomorrow's Homeland Security hearing as an important step in the process to produce a final rule that allows defenders to test their networks before they are attacked. This is a bipartisan hearing tomorrow, and I look forward to tomorrow's hearing. ____________________
