Omaha-area voters are likely to face the state’s most competitive congressional race in 2024. (Getty Images)
LINCOLN — To ensure the security of Nebraska elections and state computer networks, one lawmaker proposes hiring an “ethical hacker” who would try to breach such systems.
Legislative Bill 1303, introduced by State Sen. Loren Lippincott of Central City, would add an “ethical hacker” to the Nebraska State Patrol’s staff. The hacker’s chief duties would be to attempt to hack into election hardware or software and the state’s computer networks or systems that might be targets of malicious or criminal activity.
“This individual, equipped with specialized knowledge and skills, will serve as a vigilant sentinel, constantly monitoring, detecting and thwarting potential cyber instructions and attacks,” Lippincott said Thursday.
Lippincott told the Government, Military and Veterans Affairs Committee that LB 1303 would be a “proactive stance” in mitigating cyber vulnerabilities that would ensure the integrity and security of state systems and electoral infrastructure.
“If we are testing our systems from multiple sides, we can only be made stronger from the vulnerabilities found and then secured,” Lippincott continued.
The ethical hacker’s work to attempt to breach election systems, Lippincott said, may be “either imperative or unnecessary,” a difference of monotony or needed protection for the state.
No one testified for or against LB 1303. Four letters were submitted in support.
In one letter, David Russell, director of digital solutions for NMPP Energy, a coalition of four organizations in the Midwest and Rocky Mountain regions, said the “pivotal legislation” is a “critical step forward in safeguarding our state’s critical digital infrastructure.”
“Cyber security is an ever-evolving challenge that requires proactive and innovative solutions,” wrote Russell, a certified government chief information officer through Rutgers University.
Lippincott said he got the idea for LB 1303 from one of his nephews, who works as an ethical hacker, and the senator read a text from his nephew saying that organizations need both defensive and offensive security.
“If an organization is responsible for securing sensitive data of any kind, they must think like the enemy and be able to defend themselves from those enemies,” Lippincott said, quoting his nephew’s text.
A fiscal note prepared by the State Patrol estimates it would cost $150,000 to hire an external entity or corporation rather than a single ethical hacker as intended. This would be best practice, and industry standard, the State Patrol said. Costs for annual remediation measures, such as equipment or software, is estimated at $50,000.
Lippincott said he originally asked for a $100,000 salary for one hacker “strategically” positioned outside of the Nebraska Secretary of State’s Office for accountability and balance.
The committee took no immediate action on LB 1303.
GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX
Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site.