US Department of Homeland Security offers hackers a bounty to find bugs


The US Department of Homeland Security introduced a new programme on Dec 14 under which the agency pays outside hackers to find vulnerabilities in its computer systems, a kind of incentive common in the cybersecurity industry that is known as a “bug bounty”.

DHS Secretary Alejandro Mayorkas unveiled his agency’s “Hack DHS” programme at the Bloomberg Technology Summit. Unlike many bug bounties, which are open to anyone, DHS said in a statement that its programme would include only “vetted cybersecurity researchers who have been invited to access select external DHS systems”. Any vulnerabilities they find would then be fixed, and the researchers would be rewarded with monetary prizes.

“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” Mayorkas said in the statement. “The Hack DHS programme incentivises highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.”

Once a novelty, hundreds of organisations around the world now have bug bounty programmes, according to a list maintained by Bugcrowd, a San Francisco-based company that helps manage them. Such programmes allow companies to better secure their products, and cybersecurity researchers to earn money by identifying weaknesses in companies’ technologies and networks.

Mayorkas said the agency would pay awards from US$500 (RM2,116) to US$5,000 (RM21,162) per verified vulnerability, amounts that put the highest potential payout from DHS at the lower end of the range of some similar programmes run by large technology companies. Google, for instance, said that in 2020 it paid US$6.7mil (RM28.35mil) in bug bounties, with the highest single award being US$132,500 (RM560,806).

DHS plans to verify any reported vulnerabilities within 48 hours and either remediate them or develop a plan to remediate them within 15 days, Mayorkas said. “We’re really investing a great deal of money as well as attention and focus on this programme,” he said.

Regarding ransomware attacks, in which hackers lock victims’ computer systems and demand payment to unlock them, Mayorkas said the agency saw a quadrupling in such incidents in early 2021 but that some of the most prolific hacking groups appear to have backed off for the time being.

One reason may be the stepped-up responses by the US and other countries to such attacks, which included a string of arrests announced in November against alleged members of a Russia-linked ransomware group commonly known as REvil or Sodinokibi, and sanctions against cryptocurrency entities accused of enabling the hacks.

“Some of the major players we haven’t seen as active as previously,” Mayorkas said. “That doesn’t mean that they’ve gone away, that we’ve defeated them. They very well might have hit the pause button. Vigilance has to remain at an incredibly high level.” – Bloomberg
