Belgium has made moves to protect ethical hackers, with a new framework that is the first of its kind in the EU.
Ethical hacking, also known as white hat hacking, refers to cases where hackers breach an organisation’s security and access data purely with the intention of identifying vulnerabilities and relaying them to the targeted organisation, in an effort to help it better secure its data.
These hackers are often employees or contractors of the targeted business. A hacker must legally have the permission of the business to breach its network.
The new framework, which is run by the Centre for Cyber Security Belgium (CCB), entails a vulnerability reporting system which, provided that they meet specific criteria, protects white hat hackers from prosecution.
Laid out in the CCB vulnerability disclosure policy (VDP), ethical hackers must meet the following criteria:
The full criteria details can be found on the CCB website.
While Belgium is not the first country in the EU to provide ethical hackers with forms of protection, the new CCB framework is the closest to providing all-inclusive safeguards.
Other countries such as Lithuania only provide protection with regard to critical infrastructure, while France and Slovakia do not provide “full legal protection”, according to CCB legal officer Valéry Vander Geeten in an interview with The Daily Swig.
The US Department of Justice announced last year that white hat hackers would be protected from prosecution, rewinding a decision made in 2014 that changed the Computer Fraud and Abuse Act (CFAA) that blanket-outlawed "any conduct that victimizes computer systems".
In Australia, while there is no specific framework or body to protect white hat hackers from prosecution, there are a number of specific conditions in legislation that allow for ethical hackers to operate.
The Computer Misuse and Cybercrime Act 2001 (Cth), for instance, makes it illegal to modify a network or system without permission. However, in the case of ethical hacking, there is an exception for individuals to gain unauthorised access for testing purposes, provided they have the owner’s permission.
Furthermore, the NSW government announced last year that it was looking to introduce changes to criminal legislation to promote and protect white hat hacking.
According to CyberWire, as of November, the state government is working on establishing a cyber security vulnerability disclosure policy.
“The vulnerability disclosure policy will provide clear expectations for all NSW government agencies and the public about how the government will handle reports of identified vulnerabilities,” said a spokesperson from Cyber Security NSW.