Cyber experts leveling the playing field and disrupting threat actors
In technology circles, it’s a well-known and often lamented fact that technology and cybersecurity have a habit of moving at a much faster pace than policy. “Hackers on the Hill” (HotH) is a program that works to bridge this gap by bringing hackers and policymakers together to address technology policy matters, learn how to understand and communicate with each other more effectively, and hold breakout sessions with Congresspeople, Senators, and their aides and staff to work on specific issues.
The Hackers on the Hill contingent gathers in the Indian Treaty Room of the White House Campus
This year’s HotH was a little different, and it was an exciting evolution from my perspective as a career advocate for hackers as part of the solution, not just the problem. After the morning sessions on Capitol Hill, Bugcrowd was proud to be invited into a smaller group that headed across to the White House.
The White House West Wing, otherwise known as “The Most Surveilled Piece of Land on Earth”
On a gray DC day just over a month ago, around 30 other hackers and I went through security screening at the southwest entrance of the White House — with varying degrees of difficulty, but all with eventual success. Once that clearance was behind us, a thoroughly surreal and incredibly significant event was about to take place: The first “Hackers on the Hill” group was to meet with the Office of the National Cyber Director (ONCD), and ultimately provide input on the National Cyber Strategy.
Casey Ellis and Beau Woods, security researcher, in the White House
On a personal note: Aside from the thrill that comes from setting foot in the White House, the thing that struck me first is also why I think this was such an important milestone: These are people I’ve worked with to help reform the popular understanding and opinion of hackers for, in some cases, decades, and now we were experiencing the opportunity to explore and influence the North American seat of power as a community. Over the last 10 years, there have been a growing number of events that have validated, legitimized, and promoted hackers as an important part of the Internet’s immune system. This event brought the input of security researchers to the very top of Western power, as a collective.
Just some White House tourist things before getting down to business…
There were Chatham House sessions with members of the ONCD, Clare Martorana (the Federal CISO), and Chris Inglis (the former director of the ONCD), a panel on “A Day in the Life at the EOP” with representatives from the ONCD, OMB, and the NSC, and an overview of the draft National Cyber Strategy. Overall, it was a great introduction to the Executive Office of the President (EOP) and the strategy itself, and it set the stage for the working groups. Bugcrowd was asked to join the working group that was working on coordinated vulnerability disclosure, which was one of the main parts of the strategy.
The National Cybersecurity Strategy document on which we provided input was released today. For Bugcrowd, the significance was squarely around the opportunity to participate and provide input on a document that is sure to set the expectations and tone for the relationship between builders and breakers – rebalancing the responsibility for cybersecurity, and elevating it from a niche domain to one that is truly approached as a team sport, including soliciting the input of the hacker and security research community itself.
Why It Matters
The focus of the strategy is rebalancing responsibility. From its inception, Bugcrowd’s vision has been to “level the cybersecurity playing field” by helping defenders engage the creativity of the good-faith hacker community to shift the resourcing and economic advantage away from the attacker. To defeat an army of adversaries, you need an army of allies, and the inclusion of Coordinated Vulnerability Disclosure in the National Cyber Strategy as well as the invitation to the hacker community to give input into its formation bode well for the future of crowdsourced security.
Bugcrowd, representing the global ethical hacker community, in the White House – something we can all be proud of!