Maryland’s ‘bug bounty’ helps detect vulnerabilities on the state’s websites

The state of Maryland has unleashed a team of computer experts and enthusiasts on a number of the state’s websites. The mission: to see if they could find weak spots in the state’s domains that end in “maryland.gov,” “us.md.gov” or “state.md.us.”

“We found more than 40 vulnerabilities,” said Chris Krawiec, senior director of cyber resilience with the Maryland Department of Information Technology.

When asked about where those weak spots on the state’s websites were found, Krawiec told WTOP he “can’t speak on specifics on vulnerabilities for security reasons, but what I can say is that largely speaking, all of our agency partners were very responsive.”

The goal is to close any security holes that could put the state at risk, including something like “an exposure of resident data,” Krawiec said.

Krawiec explained that the “bug bounty” method of detecting problems with security on the state’s websites is similar to the model used by federal agencies, where participants are hired to find bugs and are only paid if they do detect them.

“When we do a bug bounty, it’s a pay-for-performance type style engagement,” he said, where the researchers are not paid unless they find a vulnerability.

When it comes to the cost of remediation, Krawiec said, “These are generally assets or applications that are already being managed by their state agencies or our partners in this program,” so there’s not typically an extra cost associated with instituting the fixes.

Krawiec said that the recent study of the state’s cybersecurity status is a first for the state.

“It is definitely something that we’re considering expanding,” he said.

The bug bounty approach to scouring the state’s websites is something that’s been used at the federal level, Krawiec told WTOP. And it’s very cost-effective, at about $100,000.

“From a cost perspective,” Krawiec said, “that’s testing almost the entirety of the public-facing infrastructure of the state for $100,000.”


© 2024 WTOP. All Rights Reserved.

Kate Ryan

As a member of the award-winning WTOP News, Kate is focused on state and local government. Her focus has always been on how decisions made in a council chamber or state house affect your house. She's also covered breaking news, education and more.
