From data breaches to election interference, cyberattacks continue to pose a serious threat to US government agencies, businesses and citizens. However, these incidents are so widespread that they now seem normal. Even with lawsuits and financial penalties, the response to the incidents comes at a very slow pace. Data breaches have created mistrust, and with that has come the cynicism and acceptance that nothing can be done. However, there is hope. For the past six months, the government of USA has taken three extraordinary steps to change the way it approaches cyber security, and it all involves the help of an unusual ally: hackers.
With the following initiatives, there is an opportunity to significantly improve the security of the federal civil service, the government supply chain and the country's electoral systems.
Insurance of every federal political organization
There are more than 400 political organizations that operate as members of the federal government and are responsible for securing their digital assets and the large amounts of sensitive information they hold.
These services reach every citizen in ways we cannot imagine - from physical defense to private data. However, these organizations are still a frequent target of cyber attacks. Over 35.000 cyber incidents were reported by federal agencies in 2017 alone. The US Postal Service, the agency internal revenue and White House is among the organizations that have reported data breaches in the last five years.
A new initiative launched by the US Department of Homeland Security (DHS) will require every political organization to work with ethical hackers to better secure their digitally of assets. THE Directive will require all federal political services to establish a Vulnerability Disclosure Policy (VDP) to obtain and resolve vulnerabilities identified by ethical hackers before they can be exploited by its criminals cyberspace. A VDP ensures that if a hacker detects something dangerous in one website the one application, can easily report this and the organization will have an immediate way to handle the communication to restore the situation.
Uncovering vulnerabilities has long been an important practice in the cyberspace community. The US Department of Defense (DOD) has been implementing such a policy since 2016 and has since resolved over 12.000 security vulnerabilities that could otherwise have been used by various Criminals of cyberspace.
Securing electoral systems
IT-ISAC and the Senate Rules Committee work with all electoral security vendors, electoral certification bodies, and the private sector to understand how ethical hackers could help secure elections.
The relationships between ethical hackers and pre-election salespeople security have been destroyed, though they are working for the same purpose.
This summer, IT-ISAC tried to bridge the gap by issuing a Request for Information (RFI) on how VDPs and hackers can work better together. The so-called election vendors have made enormous efforts to understand the importance of the contribution of ethical hackers.
Securing the government supply chain
The DOD fully revises how to ensure the security of the logistics chain through Cybersecurity Maturity Model Certification (CMMC). CMMC will require every organization working with DOD to meet certain cybersecurity standards.
The impact of this is amazing. Violations in its supply chain government endanger the country's national security and have a direct monetary impact on the country taxable, at an average cost of $ 6.000. Ethical hackers could play an important role in this initiative.
The exploitation of vulnerabilities identified in government cybersecurity infrastructure will continue to increase. In the meantime, there is an entire army of hundreds of thousands of security experts willing to help.