[Congressional Record (Bound Edition), Volume 162 (2016), Part 1]
[House]
[Page 325]
[From the U.S. Government Publishing Office, www.gpo.gov]




            INTRUSION SOFTWARE AND THE WASSENAAR ARRANGEMENT

  (Mr. LANGEVIN asked and was given permission to address the House for 
1 minute and to revise and extend his remarks.)
  Mr. LANGEVIN. Mr. Speaker, securing our networks from cyber attack is 
a challenging task. One of the most effective techniques is penetration 
testing, or turning hacking tools on one's own network to find 
weaknesses before bad actors have a chance to exploit them.
  Unfortunately, a rule proposed by the Bureau of Industry and Security 
within the Department of Commerce last May has the potential to make it 
much harder to share existing tools and develop new ones, which could 
severely harm our national security and our economic competitiveness.
  The rule was issued as part of the addition of ``intrusion software'' 
to the Wassenaar Arrangement, one of the principal international export 
control regimes. Perhaps unsurprisingly, using a 20-year-old 
framework--itself the successor of a three-quarter-century-old cold war 
agreement--to regulate cutting-edge technology has proved difficult. 
However, I am very thankful for the Bureau's willingness to reexamine 
the initial proposal, and I am looking forward to tomorrow's Homeland 
Security hearing as an important step in the process to produce a final 
rule that allows defenders to test their networks before they are 
attacked. This is a bipartisan hearing tomorrow, and I look forward to 
tomorrow's hearing.

                          ____________________