Dem pushes ‘ethical hacking’ resolution

A Democratic lawmaker on Wednesday introduced a resolution emphasizing the need to boost the American cybersecurity workforce by supporting programs that promote “ethical hacking.”

Ethical hackers are those who hack into computer networks to test for security vulnerabilities without malicious or criminal intent. 

Rep. Lou Correa (D-Calif.) introduced the resolution Wednesday, which would express the sense of Congress “that the United States should support the development of programs that better prepare students for careers in cybersecurity by actively promoting ethical hacking skills.” 

{mosads}

The federal government has long faced a dearth of cybersecurity professionals, given the difficulty of competing with the private sector. The challenge is not confined to the U.S. or the public sector; by 2020, an estimated 1.5 million cybersecurity jobs are expected to be unfilled globally.

An executive order signed by President Trump in May directed the Departments of Commerce and Homeland Security, in coordination with other agencies, to assess efforts, educate and train the future U.S. cyber workforce and develop recommendations to boost workforce development.

Correa indicated in a statement that supporting ethical hacking programs would have positive national security and economic implications, as well as science, technology, energy and math (STEM) education. 

“When I was young the fear was nuclear war. Now, a small piece of malicious software can bring down a power grid,” Correa said. “Investing in cybersecurity is a matter of national security. We must invest in programs that can create the next generation of cyber warriors. If we don’t invest in these programs now, we will never catch up.”

“By creating and supporting programs that prepare students for cybersecurity careers, we cannot only strengthen our nation’s security, but also get more students into STEM fields,” he said. 

So-called bug bounty programs, which pay ethical hackers to find security vulnerabilities, are becoming increasingly prevalent in the government and private sectors. According to a recent report from HackerOne, the average bounty paid to hackers for a critical vulnerability increased to $1,923 this year.