On September 8, 2024, Prime Minister Robert Abela announced a significant legislative reform aimed at protecting and regulating ethical hackers in Malta. During an interview on ONE, Abela identified a critical gap in the current legislative framework surrounding ethical hacking and cybersecurity. He stressed the necessity for new regulations to clearly define what constitutes ethical hacking, ensuring that it is conducted responsibly and within legal limits. The proposed changes are designed to prevent the practice from becoming a “free-for-all” and to establish clear guidelines on the compensation that white hat hackers can request and receive.
The impetus for this reform stems from a recent case involving graduates Giorgio Grigolo, Michael Debono, Luke Bjorn Scerri, and their lecturer, Mark Joseph Vella. The individuals discovered significant security vulnerabilities in the FreeHour application and reported them to the company in October 2022. However, rather than being recognized for their efforts, they are now facing charges, a situation that Abela believes highlights the urgent need for legal clarity. The case is currently under police investigation, initiated not by FreeHour but as a result of standard procedural enforcement.
Abela defended the actions of both FreeHour and the police, acknowledging the initial shock the company might have experienced upon discovering potential security breaches. Nonetheless, he emphasized that the government must address the outdated laws that have led to the students and their lecturer facing legal challenges. The proposed reforms aim to resolve the situation amicably and ensure that such incidents do not deter individuals from engaging in ethical hacking activities that are crucial for improving cybersecurity.
The Malta Digital Innovation Authority has drafted the proposed regulations, which are scheduled to be discussed by the Cabinet on Tuesday. If approved, these regulations will go to public consultation. Abela’s initiative underscores a commitment to fostering a secure digital environment while protecting those who contribute positively to cybersecurity through ethical hacking practices.