Cyber warfare could and has come in many forms, from covertly accessing critical information through network vulnerabilities, to essentially manipulating and shutting down virtually any system that relies on some form of digital communication. We’ve heard many times about the need for addressing such vulnerabilities that could compromise our defensive and civilian infrastructure. That’s why some believe we should be enlisting the help of hackers, even as some companies and organizations prefer to simply shut out such possibilities.
The idea of inviting individuals to hack into a critical system may not sit well with some, and for any number of reasons, but others are embracing the idea—pointing out that if we let “friendly” security breaches and hacks reveal the cracks in a system, that gives us the opportunity to fix them before real threats can wreak all manner of havoc.
“Joshua Corman, founder of I Am The Cavalry, an organization focusing on issues where computer security intersects with public safety, feels the furor over [former FBI detainee and security expert and founder of One World Labs, Chris] Roberts has overshadowed a potentially serious problem. ‘Everyone is focused on what Chris Roberts did or did not do, and I think it distracted from a simple question – what can any one passenger do from the passenger cabin to affect the flight of the airplane? If the answer is anything except “absolutely nothing” then it’s the wrong answer.’ Patrick Nielsen, senior security researcher at Kaspersky Lab, says the real issue is researchers being shut out. ‘It’s very hard to do research on airplanes or any critical infrastructure security because it requires you to get access to those systems in a safe environment, so you don’t have to play with them in the air like Chris Roberts said he did.’”
Do you think that more companies should be seeking the help of willing hackers for the sake of better security against malicious hacking? Has your company or organization considered this issue? Share your thoughts on this subject in the comments.