(CBS4) – Attention computer hackers: The government wants you!
Sen. Cory Gardner has introduced a bill that would set up a bug bounty program at the U.S. State Department. It would pay hackers a bounty to find bugs in its computer network. It’s something the private sector has been doing for years to protect trade secrets. For the government, it’s about protecting national security. And some of the hackers could come from Colorado.
Computer Science Professor Steve Beaty of Metropolitan State University of Denver is training the next generation of cyber security experts, or professional hackers.
“There’s a group of people who make their living doing nothing but breaking into sites with permission,” he said.
They are called white hat hackers, and Beaty says some of the nation’s biggest corporations invite them to break into their systems and pay them bounties for every bug they find.
“They understand the bits and bytes at the lowest levels.”
Now, the federal government is recruiting the experts. Gardner, a Republican and Colorado’s junior senator, is sponsoring the Hack Your State Department Act.
“Cyber security is an incredible vulnerability to so many aspects of our life and our national security and our economy. And so we’re trying to figure out how to use sort of the white hat hackers approach to understand vulnerabilities within our system, to understand vulnerabilities within the government, and use them to identify problems before they actually become a critical security risk to our country.”
Chair of the Cyber Security Subcommittee, Gardner says every minute another nation tries to break into our network. And while it may be unnerving to think the government would ask people to hack its computer system, Beaty says to consider the alternative.
“It’s so much better to learn from the good guys than to learn the tough lesson from the bad guys. There’s been plenty of departments inside the U.S. government, state governments, local governments that have been exploited. And the bug bounty is almost always going to be much less expensive than the clean-up required when one of the bad guys breaks in,” he said.
Gardner says the State Department will screen all the hackers and determine pay and other details. He sponsored a bill that set up a similar pilot program at Homeland Security last year. The Department of Defense is also using professional hackers.