U.S. CISO wants to lean on freelance hackers to improve .gov security

[QuoVadis]

The first U.S. CISO outlined Tuesday a series of strategic plans he hopes to execute during his tenure, including the possible expansion of a massive bug bounty program across all .gov domains. Gregory Touhill, formerly the deputy assistant secretary for cybersecurity and communications in the Department of Homeland Security’s Office of Cybersecurity and Communications, was named to the CISO position roughly six months after the White House first announced plans — via the Cybersecurity National Action Plan, or CNAP — to create such an office. He is primarily responsible for leading cyber practices across federal agencies.

 

“You’re going to see us do an increased push to field and use the tools and capabilities of CDM, continuous diagnostic and mitigation, so we can better do the right things the right way. It’s not just the technology, it’s also creating some new capabilities that have not been there before; such as actively looking with hunt teams through .gov for hackers, it’s improve our pen testing, it’s incorporating software assurance and perhaps a bug bounty across the federal government,” Touhill said during a speech at the 2016 AFCEA Cybersecurity Summit.

 

He added, “frankly, if I had it my way, we would do a bug bounty across .gov and the program office in charge of the source code would reimburse the bug bounty pool once a bug is discovered.”

 

Full article: http://fedscoop.com/u-s-ciso-wants-to-lean-on-freelance-hackers-to-improve-gov-security

 

 

 

P.S. - bre @Byte-ul vezi ca te vor muricanii de mascota

 

"One of his related ideas in this space is a cybersecurity awareness campaign aimed at children, which centers on a McGruff the Crime Dog-like mascot named “Byte.”