LINCOLN, Neb. (AP) — One state lawmaker wants Nebraska to take measures to protect it from cyberattacks. His answer? Hire its own hacker.
State Sen. Loren Lippincott presented a bill Thursday to the Legislature’s government committee that would give the Nebraska State Patrol $200,000 to hire “an ethical hacker.” The hacker would spend his or her days trying to break into the state’s computer network, as well as election equipment and software, to find any vulnerabilities in those systems.
Lippincott said he got the idea from a nephew of his who did similar work. The lawmaker’s staff did not find other states that have hired independent hackers, although Missouri has hired a company that employs “white hat hackers” to provide that service.
“We hope to lead the way,” Lippincott said.
His bill also would allow hiring a security company that provide hackers to find weaknesses in the state’s system.
Security challenges continue to grow for state and local election officials across the country, including potential cyberattacks waged by foreign governments, criminal ransomware gangs and election misinformation that has led to harassment of election officials and undermined public confidence.
Lippincott presented the bill on the heels of FBI Director Christopher Wray’s warning that Chinese government hackers are targeting critical U.S. infrastructure, including water treatment plants, the electrical grid and transportation systems.
The Nebraska bill’s hearing was also held on the same day that the U.S. Cybersecurity and Infrastructure Security Agency launched a program aimed at boosting election security in the states and after a recent cyberattack on government operations in Georgia that has created some elections challenges ahead of that state’s March presidential primary.
“This idea is that an ethical hacker can find vulnerabilities that can be fixed before they can be exploited by bad actors,” Lippincott said. “They can say, ‘Here’s the hole in the dike.’”
Lippincott’s hacker-for-hire bill accompanies an $11 million cybersecurity bill also presented to the committee Thursday that would give the state’s chief information officer, local governments and school districts more ability to bolster cybersecurity through the purchase of security software and hardware, training and preparedness drills.
The bills drew a handful of supporters and no opponents at Thursday’s hearing. The committee will decide in the coming days whether to advance the proposals. If advanced, they would have to survive three rounds of debate to be passed in Nebraska’s unique one-chamber Legislature.