From black to white: the regulation of ethical hacking in Spain

Abstract

Cyber-attacks are exponentially growing, and their impact on systems, people, and organizations increases. Among other challenges, cyber-attacks prevention must tackle the fact that many software systems are marketed with security vulnerabilities due to the companies’ need to reduce time-to-market. One strategy to reduce security vulnerabilities is ethical hacking. However, while ethical hacking can bring many advantages, it also comes with many challenges. This paper introduces a comprehensive study of the possibilities and limitations of ethical hacking in Spain, both empirical and normative. On the empirical side, the paper presents the results of a Delphi study with cyber security experts in Spain on their opinions about the regulation of ethical hacking. In the normative study, the paper critically reviews the possibilities open by the International, European and Spanish law for regulating ethical hacking. The conclusions of this paper offer a roadmap for harnessing ethical hacking to improve cyber security.