From data breaches to election interference, cyberattacks continue to pose a serious threat to US government agencies, businesses and citizens. However, these incidents are so widespread that they now seem normal. Even with lawsuits and financial penalties, the response to the incidents comes at a very slow pace. Data breaches have created mistrust, and with that has come cynicism and an acceptance that nothing can be done. However, there is hope. Over the past six months, the US government has taken three extraordinary steps to change the way it approaches cyber security, and all of them involve the help of an unusual ally: hackers.
With the following initiatives, there is an opportunity to significantly improve the security of the federal civil service, the government supply chain and the country’s electoral systems.
Securing every federal political organization
There are more than 400 political organizations that operate as members of the federal government and are responsible for securing their digital assets and the large amounts of sensitive information they hold.
These services reach every citizen in ways we cannot imagine – from physical defense to private data. However, these organizations are still a frequent target of cyber attacks. Over 35,000 cyber incidents were reported by federal agencies in 2017 alone. The US Postal Service, Internal Revenue Service and White House have been among the organizations that have reported data breaches in the last five years.
A new initiative launched by the US Department of Homeland Security (DHS) will require every political organization to work with ethical hackers to better secure its digital assets. The directive will require all federal political services to establish a Vulnerability Disclosure Policy (VDP) to receive and resolve vulnerabilities identified by ethical hackers before they can be exploited by cybercriminals. A VDP ensures that if a hacker detects something dangerous on a website or application, they can easily report it, and the organization will have an immediate way to handle the communication and restore the situation.
Uncovering vulnerabilities has long been an important practice in the cyberspace community. The US Department of Defense (DOD) has had such a policy in place since 2016 and since then has resolved more than 12,000 security vulnerabilities that could otherwise have been used by criminals in cyberspace.
Securing electoral systems
IT-ISAC and the Senate Rules Committee work with all electoral security vendors, electoral certification bodies, and the private sector to understand how ethical hackers could help secure elections.
Relations between ethical hackers and electoral security vendors have been destroyed, though they are working towards the same goal.
This summer, IT-ISAC tried to bridge the gap by issuing a Request for Information (RFI) on how VDPs and hackers can work better together. The so-called election vendors have made enormous efforts to understand the importance of the contribution of ethical hackers.
Securing the government supply chain
The DOD is fully revising how it ensures the security of the supply chain through the Cybersecurity Maturity Model Certification (CMMC). CMMC will require every organization working with DOD to meet certain cybersecurity standards.
The impact of this is amazing. Breaches in the government supply chain jeopardize the country’s national security and have a direct monetary impact on the taxpayer, with an average cost of $6,000. Ethical hackers could play an important role in this initiative.
The exploitation of vulnerabilities identified in government cybersecurity infrastructure will continue to increase. In the meantime, there is an entire army of hundreds of thousands of security experts willing to help.