On Lawfare, Michael Sulmeyer likes the new bill that will help protect elections from foreign meddling. He particularly likes the bounty program:
Only in the final two pages of the bill are readers presented with one of the most innovative moves in election cybersecurity: a volunteer bug bounty program called Hack the Election. (This portion of the bill seems to take its inspiration from a piece of previously-introduced legislation by Heinrich and Collins called the Securing America’s Voting Equipment (SAFE) Act of 2017.) Bug bounties are not new, as companies have often sought the assistance of white-hat hackers to find and fix potential cybersecurity flaws before malicious hackers can exploit them. …
Bug bounties don’t solve everything, but they offer institutions an avenue to receive cybersecurity advice about where to focus limited resources. If the military’s bureaucracy could find a way to let hackers on to their networks to search for vulnerabilities, election officials should be able to do the same. There will be those who point to the risks of authorizing hackers to hack, but that’s why DoD created a process to screen those who would participate in the bounty first.
The hope is that a program like Hack the Election can offer states yet another way to improve their insight into the potential cybersecurity risks that they need to mitigate. Jurisdictions and administrators still must address whatever vulnerabilities the hackers discover. But the ability to take advantage of the collective experience of a vetted set of hackers is one that shouldn’t be passed up, so I am pleased to see that the Election Security Act creates a way forward for states to do so.
I wonder what level of expertise will be required to be an effective hacker. My late friend Nancy used to delight in knocking over the old BBS software for which I was responsible, and I’ll bet she would have loved to take a shot at this, too.