Comment

America is losing the cyber war: Here's how to turn the tide


When I served as a commissioned officer in the Navy and in Operations Enduring and Iraqi Freedom, we fought battles on three fronts: air, sea and land. Our country is now faced with a fourth battlefront -- one that has already made its way into the private lives of many American citizens: cyber warfare.

This battle has significant potential to be the most elusive, challenging and dangerous. There are no front lines, no established territories, and an enemy that is invisible to us. The weapons are computer keyboards and lines of code. The collateral damage is ultimately sensitive data and personal information.

Recent breaches -- both in the public and private sectors -- have exposed just how vulnerable IT systems are and the significant exploits we face both within our own borders and across them. It is the federal government's responsibility to protect private citizens from these threats -- people who may not have the technical know-how to protect themselves.

Although some federal agencies are making headway on this mission, much of the government's technology is outdated. There is also a huge talent shortage as agencies struggle to compete with private companies offering lucrative salaries for cybersecurity resources.

Our cyber enemies are evolving at a breakneck pace, and they range from government-sponsored hackers and so-called "hacktivists" to the standalone hacker motivated primarily by money. Many organizations have struggled to keep up, and let's face it: software development is not the government's strong suit. But it doesn't have to be this way.

The federal government doesn't fight land, sea and air battles entirely on its own, and it shouldn't try to tackle cyber threats that way, either. There is a global community of skilled hackers and researchers with the capabilities and desire to protect private data. All we need to do is tap into it, so that legions of researchers and experts, sometimes called "white hat" hackers, can be utilized to implement "crowdsourced security."

I've seen firsthand the power of the white hat "crowd" during my time at the Department of Defense. I ran the department's "Hack the Pentagon" program, the first federal program to utilize the bug bounty security testing model.

The program was designed to identify and address security vulnerabilities in public-facing DOD websites. More than 1,400 hackers registered to participate in the program, which offered bounties, or cash rewards, to those who could identify legitimate vulnerabilities. I was overwhelmed by the results.

Not only were we surprised by the number of vulnerability reports, we were blown away by the number of hackers who were passionate about making a positive difference. Bug bounty programs and vulnerability disclosure programs have been used successfully by both private and public organizations to identify security vulnerabilities. At the most basic level, having a program like this for your organization will encourage better software development practices and more secure code that prevents security exploits.

There is a real opportunity here to change the tide of the ongoing cybersecurity battle by leveraging the expertise of researchers within the private sector. Every government agency should implement a bug bounty program utilizing the Pentagon's blueprint.

We must encourage hackers and professionals to support their government and help to protect national assets. They are ready and willing to help; now it's on us to open the door. If we don't allow white hat hackers to find vulnerabilities within our most important digital infrastructure, then it's only a matter of time until malicious actors do.

About the Author

Michael Chung is head of Government Solutions at Bugcrowd.
