WhiteHat Provides Free Vulnerability Discovery Services to Gov’t Agencies

As part of an effort to help chronically underfunded government agencies combat state-sponsored cyberattacks, WhiteHat Security, a unit of NTT, has decided to offer free of charge two services it provides for discovering vulnerabilities before and after application code is deployed to federal, state and municipal agencies in North America.

Company CEO Craig Hinkley said the decision to make WhiteHat Sentinel Dynamic and Sentinel Source Essentials Edition available for free to government agencies is motivated by civic duty. A native of Australia, Hinkley moved to the U.S. 23 years ago and last year became a U.S. citizen. State-sponsored attacks against election systems are nothing less than an attack on democracy, he said.

Citing data compiled by the Center for Strategic & International Studies, recent examples of state-sponsored cyberattacks against applications and websites included are of increasing concern, with recent examples include the theft of login credentials from government agencies in 22 countries across Asia, Europe and North America and hacking campaign that kicked more than 2,000 websites offline in Georgia.

At the same time, North Dakota officials this week disclosed cyberattacks aimed at the state government nearly tripled last year. Shawn Riley, North Dakota’s chief information officer and head of the Information Technology department, disclosed there were more than 15 million cyberattacks against the state’s government per month in 2019, a 300% increase year over year.

The Texas Department of Information Resources revealed it has seen as many as 10,000 attempted attacks per minute from Iran over a 48-hour period on state agency networks, while the U.S. Coast Guard (USCG) issued a security bulletin after revealing that one of its bases had been knocked offline last month by a Ryuk ransomware attack. Even small school districts are being impacted by cybersecurity: Richmond, Michigan, a small city near Detroit, recently announced that students would be enjoying a few extra days of holiday break this year while its school system recovered from a ransomware attack.

A recent report published by Emisoft, a provider of endpoint security software, estimates attacks against roughly 966 government agencies, educational institutions and healthcare providers created costs in excess of $7.5 billion.

Clearly, a lot of focus on cybersecurity attacks is on state and local governments that are responsible for ensuring the integrity of elections. Just this week, a bipartisan bill was proposed calling for the director of the Cybersecurity and Infrastructure Security Agency to appoint a cybersecurity state coordinator in each U.S. state.

Hinkley said it’s apparent government agencies don’t have the resources required to thwart attacks being launched by states themselves or rogue organized groups acting to advance their interests. By making available cybersecurity vulnerability assessment services for free, WhiteHat Security is moving to help agencies identify vulnerabilities in websites and applications that could be easily exploited, he said.

Making that capability available as a service should make it easier for both application developers and cybersecurity teams to scan for vulnerabilities before and after an application is deployed. It may even help foster the adoption of best DevSecOps practices within government agencies, Hinkley noted.

State-sponsored cybersecurity attacks have become a global issue. Concerns about such attacks have risen sharply as tensions in the Middle East continue to rise. The challenge now is how best to thwart those attacks before they are launched by eliminating as many existing vulnerabilities as possible.

Michael Vizard

Featured eBook
Identifying Web Attack Indicators

Identifying Web Attack Indicators

Attackers are always looking for ways into web and mobile applications. The 2019 Verizon Data Breach Investigation Report listed web applications the number ONE vector attackers use when breaching organizations. In this paper, we examine malicious web request patterns for four of the most common web attack methods and show how to gain the context and ... Read More
Signal Sciences
Michael Vizard

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 185 posts and counting.See all posts by mike-vizard