Russia Seeks to Legalize “White Hacker” Activities

Russia is working on a legal framework to recognize and regulate the activities of “white hat” or ethical hackers.

This move may become part of the national project “Data Economy,” according to Artem Sychev, Advisor to the CEO of Positive Technologies. Sychev also believes that vulnerability testing by ethical hackers should become a mandatory practice for various sectors, including public institutions.

The Federation Council is currently reviewing potential legislative changes to enable a broader range of companies to utilize white hackers for cybersecurity purposes.

Sychev explained that the goal is to ensure that companies, including those in the public sector, can safely check their data systems for vulnerabilities.

White hackers, or ethical hackers, simulate cyberattacks on a company’s infrastructure to identify weaknesses, much like a real hacker would. However, their activities are fully sanctioned by the client, and their findings help improve the company’s security.

Sychev also suggested that these specialists should be referred to as “independent researchers,” given their ability to work across multiple areas of information security.

He cited an example where the head of the SMM department at Positive Technologies found a vulnerability on a bug bounty platform.

In December 2023, a bill aiming to formalize the role of white hackers in Russia was introduced to the State Duma. The legislation has since gained the support of the State Duma Committee on State Building and Legislation.

However, Sychev emphasized that the bill will only be considered a success once it passes the second reading.

This effort is not limited to government action. In 2023, Yandex paid 70 million rubles to ethical hackers for identifying security flaws in its systems, highlighting the growing recognition of white hackers’ contributions.

Source: TASS