政府中的网络安全创新:美国五角大楼漏洞奖励计划的案例研究

Proceedings of the 18th Annual International Conference on Digital Government Research Pub Date : 2017-06-07 DOI:10.1145/3085228.3085233

A. Chatfield, C. Reddick

{"title":"政府中的网络安全创新:美国五角大楼漏洞奖励计划的案例研究","authors":"A. Chatfield, C. Reddick","doi":"10.1145/3085228.3085233","DOIUrl":null,"url":null,"abstract":"The U.S. federal governments and agencies face increasingly sophisticated and persistent cyber threats and cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that caused untold financial damage and substantial reputational damage, private-sector high-tech firms such as Google, Microsoft and Yahoo have adopted an innovative practice known as vulnerability reward program (VRP) or bug bounty program which crowdsources software bug detection from the cybersecurity community. In an alignment with the 2016 U.S. Cybersecurity National Action Plan, the Department of Defense adopted a pilot VRP in 2016. This paper examines the Pentagon's VRP and examines how it may fit with the national cybersecurity policy and the need for new and enhanced cybersecurity capability development. Our case study results show the feasibility of the government adoption and implementation of the innovative concept of VRP to enhance the government cybersecurity posture.","PeriodicalId":416111,"journal":{"name":"Proceedings of the 18th Annual International Conference on Digital Government Research","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Cybersecurity Innovation in Government: A Case Study of U.S. Pentagon's Vulnerability Reward Program\",\"authors\":\"A. Chatfield, C. Reddick\",\"doi\":\"10.1145/3085228.3085233\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The U.S. federal governments and agencies face increasingly sophisticated and persistent cyber threats and cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that caused untold financial damage and substantial reputational damage, private-sector high-tech firms such as Google, Microsoft and Yahoo have adopted an innovative practice known as vulnerability reward program (VRP) or bug bounty program which crowdsources software bug detection from the cybersecurity community. In an alignment with the 2016 U.S. Cybersecurity National Action Plan, the Department of Defense adopted a pilot VRP in 2016. This paper examines the Pentagon's VRP and examines how it may fit with the national cybersecurity policy and the need for new and enhanced cybersecurity capability development. Our case study results show the feasibility of the government adoption and implementation of the innovative concept of VRP to enhance the government cybersecurity posture.\",\"PeriodicalId\":416111,\"journal\":{\"name\":\"Proceedings of the 18th Annual International Conference on Digital Government Research\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 18th Annual International Conference on Digital Government Research\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3085228.3085233\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th Annual International Conference on Digital Government Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3085228.3085233","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

摘要

美国联邦政府和机构面临着越来越复杂和持续的网络威胁和来自黑帽黑客的网络攻击，这些黑客为了恶意目的或个人利益而破坏网络安全。随着恶意攻击的增加，造成了难以估量的经济损失和巨大的声誉损失，谷歌、微软和雅虎等私营高科技公司采用了一种创新的做法，即漏洞奖励计划(VRP)或漏洞赏金计划，即从网络安全社区众包软件漏洞检测。为了与2016年美国网络安全国家行动计划保持一致，国防部于2016年采用了VRP试点。本文研究了五角大楼的VRP，并研究了它如何适应国家网络安全政策以及对新的和增强的网络安全能力发展的需求。我们的案例研究结果表明，政府采用和实施VRP创新概念以提高政府网络安全态势的可行性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cybersecurity Innovation in Government: A Case Study of U.S. Pentagon's Vulnerability Reward Program

The U.S. federal governments and agencies face increasingly sophisticated and persistent cyber threats and cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that caused untold financial damage and substantial reputational damage, private-sector high-tech firms such as Google, Microsoft and Yahoo have adopted an innovative practice known as vulnerability reward program (VRP) or bug bounty program which crowdsources software bug detection from the cybersecurity community. In an alignment with the 2016 U.S. Cybersecurity National Action Plan, the Department of Defense adopted a pilot VRP in 2016. This paper examines the Pentagon's VRP and examines how it may fit with the national cybersecurity policy and the need for new and enhanced cybersecurity capability development. Our case study results show the feasibility of the government adoption and implementation of the innovative concept of VRP to enhance the government cybersecurity posture.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 18th Annual International Conference on Digital Government Research

自引率

0.00%

发文量