U.S. Sens. Martin Heinrich (D-NM) and Angus King (I-ME) recently urged the Obama administration via letter to work with Congress to strengthen the government’s ability to detect and repair cybersecurity vulnerabilities within U.S. networks.
The letter asked the president to help establish uniform policies across government agencies that would secure domestic networks, and to set up a comprehensive review process for detecting vulnerabilities and sharing them with private sector companies for repair.
“Given the growing threat to our nation’s networks and digital services, we write to urge you to work with us to establish enduring government policies for the discovery, review, and sharing of security vulnerabilities,” the letter said. “The recent intrusions into United States networks and the controversy surrounding the Federal Bureau of Investigation’s efforts to access the iPhone used in the San Bernardino attacks have underscored for us the need to establish more robust and accountable policies regarding security vulnerabilities.”
The senators referenced the success of the U.S. Department of Defense’s Bug Bounty program, which rewards hackers who both detect and report security vulnerabilities within DOD networks. Since the program’s inception, 250 of the 1,410 fully vetted U.S.-based hackers successfully found vulnerabilities and 138 submissions were found to be eligible for reward.
“We believe such programs represent a cost-effective way to supplement and support the people who defend our government’s IT systems, and these efforts should not be limited to the Pentagon’s networks,” the letter said. “As such, we request that your administration work with us to establish standards and appropriate coordination platforms to build on the success of the Department’s pilot and promote government-wide bug bounty programs.”