The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation.
Hack the Capitol has steadily grown in size and stature by raising awareness about the value of governments and businesses partnering with hackers to solve complex security problems.
In serving as a committee member of the Hacking Policy Council, I have been struck by the growing convergence of artificial intelligence, security concerns, and policy efforts, especially since the launch of ChatGPT late last year.
As these interrelated trends continue to merge, we are seeing more large, conservative enterprises and government agencies aligning their interests with the white hat hacker community.
This growing public support for new policy guardrails has reinforced government and industry involvement with bug bounties and vulnerability disclosure programs to harness the collective power of crowdsourced threat researchers.
Addressing the Alarming Threats to Critical Infrastructure
One area where the rise of AI can inflict major damage involves attacks on critical infrastructure, including energy grids, water supplies, computer networks, transportation systems, and communications hubs.
Absent a critical event, conservative vertical sectors take longer to trust hackers.
Aging critical infrastructure organizations have a lot of publicly accessible initial access vectors, but this problem is not unique to critical infrastructure alone.
Critical infrastructure adoption of hacker feedback is still lagging, but that is to be expected.
Our idea for Bugcrowd was to connect a global supply of white hats with unmet demands and to build a vibrant environment for good faith hackers.
Hackers have seized on this opportunity by putting their skills to work for positive change, and by building a viable career path for themselves in the process.
As for participants from big government and big business, the true value of a public bug bounty is twofold.
One is the confidence of having code hacked by an outsider, and the other is ensuring proof across the organization that the boogeyman is real.
Government Agencies Step Up to Address New Threats
Hack the State Department, Hack the DHS, and other Congressional bills that acknowledge and encourage partnerships between hackers and the government date back to at least 2005.
In recent years, members of the House and Senate have proposed bug bounty programs to be conducted internally for federal agencies, as well as for other departments of the federal government.
It has been encouraging to see the House's continued interest in enlisting hackers to serve as the Internet's immune system.
The reality of modern federal infrastructure is that very little of it is actually managed by the government.
Federal contractors are an integral part of the IT infrastructure supply chain that supports the entire operation of the United States government.
Along with the transparency and accountability benefits, the hacker community has been enlisted to provide a previously underutilized capacity to scale to meet the challenge.
Hackers On the Hill and the DEF CON policy department deserve a great deal of credit for initiating and normalizing these types of conversations, and it's important to note that bills like this one ultimately are the result of decades of consistent education and partnership between the hacker community and Capitol Hill.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 14 Dec 2023 15:05:17 +0000