If it were up to coalition party D66 and the opposition parties PvdA and Volt, ethical hackers would get more appreciation for their work. The parties argue for a multi-year financial arrangement for ethical hackers who expose serious vulnerabilities, and they ask the cabinet to create a pot of money for it.
This is according to a motion submitted by Lisa van Ginneken (D66), Barbara Kathmann (PvdA) and Marieke Koekkoek (Volt) during consideration of the budget of the Ministry of the Interior and Kingdom Relations (1).
Hackers come in many shapes and sizes. The hackers you often hear and read about are mostly black hat hackers. These are criminals who break into company systems and networks without permission and do malicious things like installing malware or stealing and blocking confidential information.
Security specialists who detect vulnerabilities with explicit permission by breaking into applications and other software are called white hat hackers. Hackers who do this from an ethical perspective are known as ethical hackers. They do this not to make money, but to expose serious vulnerabilities and exploits.
Then there is such a thing as a grey hat hacker. This is someone who breaks into a system without permission, finds a vulnerability and does not take advantage of it. He reports the bug to the website owner, but expects a financial reward for his discovery. If not, he threatens to tarnish the owner's reputation.
Finally, you also have green hat hackers, blue hat hackers, red hat hackers and script kiddies. In our background article "What is a hacker?" you can read more about these types of hackers.
Ethical hackers play an important role today. Not only do they expose programming errors and other bugs, they also ensure that we can surf safely online. Some examples follow.
In late 2020, Twitter appointed ethical hacker Peiter Zatko as head of its security department. The Hague municipality annually invites ethical hackers to test the security of its computer systems. And last June, an ethical hacker managed to crack two electronic signs at a shopping center along the A2. "This sign is not secure! Please set a password ASAP! Greetings :)," he wrote.
Of course, we cannot forget the Dutch Institute for Vulnerability Disclosure (DIVD). That is a Dutch organization that scours the Internet for vulnerable systems and zero-day exploits in software programs to protect companies and their customers from malicious hackers and cybercriminals.
DIVD volunteers almost managed to prevent the supply chain attack on U.S. company Kaseya in July 2021. They discovered a number of critical security problems. But before they could fix them, the attack took place. "If we had had a little more time, we would have succeeded," Wietse Boonstra and Frank Breedijk of DIVD told us at the time.
For their part in fighting cybercrime, the DIVD received a $100,000 donation from the U.S. security firm Huntress early this year.
D66, PvdA and Volt write in their motion that ethical hackers play "a crucial role" in identifying digital vulnerabilities, both at vital companies and others. In doing so, they protect our society and economy from sabotage and espionage. They do this on a voluntary basis, which carries risks in terms of continuity.
The groups think it is important to have "a sustainable structure" where knowledge and cooperation are combined. Therefore, they request Minister Hanke Bruins Slot of the Ministry of the Interior and Kingdom Relations to open a "multi-year subsidy scheme for sustainable funding of ethical hacker collectives" next year.
The parties suggest that there is financial room in the budget for this. Policy Article 36 of the department's budget is for what is known as "uncommitted space." Think of it as a reserve pot for unforeseen activities.
The House of Representatives has yet to vote on the motion. Should a majority of the House agree to it, that is not yet a guarantee that the Cabinet will implement it. A motion is nothing more than a wish of parliament. The cabinet has the freedom to disregard it.
(1) https://www.tweedekamer.nl/kamerstukken/moties/detail?id=2022Z21947&did=2022D47345