The Department of Homeland Security announced that their Hack DHS program resulted in fixing more than 120 security vulnerabilities 27 of them being rated as critical. More than 450 security researchers and ethical hackers cashed in for more than $125,000 in totality, with $5,000 rewards per bug for those which were most severe.
It is hard to quantify the savings of this program. Any one exploit could cost hundreds of millions of dollars in the private sector. In terms of national security, technological bugs could cost state secrets or even lives.
As we continue to see enhanced cybercrime, in part due to cyberwar breaking out in Eastern Europe, the DHS program is one that should be wholly embraced throughout the digital assets industry.
Eric Hysen, DHS chief information officer, said,
“The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited. We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses.”
The Hack DHS program is built in the same vein as the “Hack the Pentagon” program, and similar programs are utilized throughout the private sector. It is derived from the SECURE (Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure) Technology Act, which required such a bounty program, and many hope that other government agencies will follow.
Hackers that participate are to provide details on the vulnerability and ways in which it can be exploited, as well as ways it could be utilized to access data systems.
The digital assets space has been under siege, especially as the war in Eastern Europe continues to heat up and a clear cyberwar emerges. The industry is of particular interest to hackers because of the tremendous amount of wealth concentrated within.
It will continue to see itself targeted for as long as the wealth remains. This is all the more reason for enhanced security, including the use of ethical hackers.
While the DHS program cost the government more than $100,000, exchange operators should consider the average cost of an exploit. Recent hacks have cost hundreds of millions not even to mention the PR cost associated with a hack.
Finding vulnerabilities before they are exploited by hackers would be well worth the cost, and it is about time that the industry starts being proactive rather than reactive. While some of the larger operators have already implemented such programs, it is time that we mainstream ethical hackers into our industry.
As long as the war continues in Ukraine, and as some believe it will spread toward Moldova, cybercrime will continue to emerge as among the greatest threats to national security. Even after the end of the physical battle, the cyber war may still rage on.
Particularly for nation-states, such as North Korea, which are looking to supplement their revenue streams with ill-gotten gains, the digital assets industry will continue to be looked at as a honeypot. Further employing the use of ethical hackers would be a step in the right direction to lower the risk.
Richard Gardner is the CEO of Modulus. He has been a globally recognized subject matter expert for more than two decades, offering complex insight and analysis on cryptocurrency, cybersecurity, financial technology, surveillance technology, blockchain technologies and general management best practices.
Featured Image: Shutterstock/KumaSora/Sensvector
