Late last year, two hackers breached United States Air Force software and found their way into an unclassified Department of Defense computer network. Instead of jail time, the U.S. government handed the culprits $10,000, a reward for discovering the astounding lapse in security.
Researchers Brett Buerhaus and Mathias Karlsson weren’t Mountain Dew-swilling miscreants, they were thoroughly-vetted “white hat” hackers who were helping the government boost its cyber defences — and making some cash in the process.
But while the Trump White House forges ahead with ideas pioneered and lauded in Silicon Valley, Canada’s government has no plans for similar bug bounty programs.
The $10,000 reward Buerhaus and Karlsson earned was a new record high for the cyber defence programs that are spreading like wildfire in the U.S. government. White hats — as opposed to their law-breaking counterparts, the black hats — have been invited to Hack the Pentagon, Hack the Army and Hack the Air Force. Congress is working hard to approve programs in more departments and, inevitably, some lucky hackers will be able to blow off some steam by hacking the IRS.
Showing an almost government-wide consensus, an IT modernization report the Trump White House released in December even called for more bug bounty programs as a way to counter the growing number of cyber attacks on government systems.
Asked if they were considering such programs, Canada’s Departments of Defence, Public Safety and Shared Services all passed the questions along to the Communications Security Establishment, the country’s electronic communications spying agency. (Public Safety is the lead department on cyber security and Shared Services runs IT for the government.)