Inside Cybersecurity

May 13, 2021

Daily News

Industry group says imposing broad export controls on emerging tech will hurt U.S. cybersecurity

By Mariam Baksh / January 10, 2019

Efforts to protect national security by controlling foreigners' access to sensitive U.S. technology would more likely damage U.S. cyber defenses and endanger critical infrastructure, according to an industry group's comments submitted today to the Commerce Department's Bureau of Industry and Security.

“It is the Coalition’s view that restrictive export controls on a broad swath of emerging computing technologies, including a broad range of AI solutions, quantum computing, and data analytics will have significant negative impacts on U.S. cybersecurity companies,” wrote the Cybersecurity Coalition, an advocacy group whose members include major U.S. telecommunications, tech, and cybersecurity companies.

Inside Cybersecurity obtained the Coalition's comments, along with those from the Center for Strategic and International Studies – comments are not currently publicly available due to the partial government shutdown – in advance of the filing deadline, which expires today.

BIS on Nov. 19 issued a request for comment on an advance notice of proposed rulemaking to identify criteria that might be used to inform potential export controls on 14 categories of “foundational or emerging technology” – such as quantum and artificial intelligence – in the interest of maintaining a “qualitative military or intelligence advantage,” according to BIS.

But the very technologies that the government wants to keep out of the hands of potential U.S. adversaries are still being developed and in the case of quantum computing, for example – which one leading DHS cyber official views as a “systemic risk” for its potential to decode U.S. encryption but also promises breakthroughs that could lead to “uncrackable” encryption – the greatest advances are being made by China, ostensibly a major target of the export controls.

“China already has the first satellite capable of intercontinental quantum cryptography; has made quantum research a designated “mega project”; reportedly set aside $10 billion for the National Laboratory for Quantum Information Sciences; and reportedly has surpassed the United States in quantum related patents,” the Coalition wrote, adding “Chinese development of AI for security purposes follows a similar trajectory.”

Commenters resisting such controls argue that open collaboration would be more beneficial toward necessary innovation.

“The introduction of export controls may inadvertently harm U.S. national security by weakening U.S. companies’ ability to innovate within the technologies under consideration,” the Coalition wrote.

The group, coordinated by Ari Schwartz, a White House cyber official under President Obama, also cited ways the BIS rulemaking could affect more traditional cybersecurity operations.

“Overly broad export controls may further damage U.S. companies, hinder domestic development, and damage the cybersecurity environment in numerous additional ways,” the group said. “First, security research and information sharing, which is critical to maintaining the health of the cyber ecosystem by ensuring threats and vulnerabilities are quickly identified, analyzed, and patched in a timely manner, may be hampered.”

The Coalition continued: “Because the entire global digital infrastructure is interconnected—data as well as cyber threats flow across borders—controlling cybersecurity technology in this manner could also have the unintended but counterproductive consequence of slowing the discovery and disclosure of critical vulnerabilities, as well as the tools needed to patch them - this could in turn harm the U.S. critical infrastructure.”

CSIS' comments echoed other tech industry comments in calling for a narrow approach to limiting access to sensitive U.S. tech to foreigners via export controls by creating a list of Chinese entities that have a military affiliation. Those entities, and not commercial enterprises, should be barred access.”

CSIS also said the list should be based on the intended end uses and not include “end items” or products.

“The problem with a catch all is that it may catch too much,” read the CSIS comments. “The usual solution is to include a list of end uses and end users to which the catch all would apply, in this case, end users connected to the Chinese military and security-related entities. Controls on end items should generally be avoided. 'Reverse engineering' from a commercial product for developing new military capabilities is less of a concern than is Chinese acquisition of intellectual property and know-how, and this is where controls on emerging technology should focus.” – Mariam Baksh (mbaksh@iwpnews.com)