Hack Department of Homeland Security Act Would Bring Bug Bounty Program to DHS | Threatpost
Hackers will soon be able to poke holes in networks and systems belonging to the Department of Homeland Security if four senators get their way and a bill is passed that would institute a DHS bug bounty similar to programs recently implemented for the Army, Air Force and Pentagon.
The bill, known as the Hack Department of Homeland Security (DHS) Act, was introduced last Thursday.
Sen. Maggie Hassan (D-NH) sponsored the bill, which would establish a bug bounty pilot program within the DHS. Senators Rob Portman (R-OH), Claire McCaskill (D-MO), and Kamala Harris (D-CA) are all listed as cosponsors, according to Congress.gov, which tracks U.S. government legislation, bills, and votes.
“Federal agencies like DHS are under assault every day from cyberattacks. These attacks threaten the safety, security and privacy of millions of Americans and in order to protect DHS and the American people from these threats, the Department will need help,” Senator Hassan said in a press release issued Friday.
“The Hack DHS Act provides this help by drawing upon an untapped resource—patriotic and ethical hackers across the country who want to stop these threats before they endanger their fellow citizens. This bipartisan bill takes the first step to utilize best practices from the private sector to harness the skills of hackers across America as a force multiplier against these cyber threats. I will work with members of both parties to move this important bill forward,” Hassan said.
The bill, listed as S. 1281 in the 115th Congress on Congress.gov, would help the DHS ensure that its website and data systems are free of unintended vulnerabilities, Hassan said. Under the bill, white hat hackers would earn money for identifying “unique and undiscovered vulnerabilities” in DHS’s networks and data systems.
Similar to programs recently implemented by the U.S. Army and Air Force, hackers would have to register with the DHS and undergo a background check to verify the individual isn’t a threat.
The bill was read twice last Thursday and referred to the Committee on Homeland Security and Governmental Affairs, which will consider it before ultimately sending it to the House or Senate.
If passed, the program would follow in the footsteps of the Department of Defense’s Hack the Pentagon program, launched last April, the U.S. Army’s Hack the Army program, launched last November, and the U.S. Air Force’s Hack the Air Force program, launched just last month.
Each program has used HackerOne’s bug bounty platform to help coordinate vulnerability reports between hackers and government agencies.
The programs have largely been a success. In June last year, then-Secretary of Defense Ash Carter said the DoD awarded roughly $75,000 to hackers as part of its Hack the Pentagon program. The program yielded 138 legitimate vulnerabilities. In January, the Army announced that it had paid out close to $100,000 to hackers for finding 118 vulnerabilities in Pentagon public-facing websites.
“The networks and systems at DHS are vital to our nation’s security. It’s imperative that we take every step to protect DHS from the many cyber attacks they face every day,” said Sen. Portman. “One step to do that is using an important tool from the private sector: incentivizing ethical hackers to find vulnerabilities before others do.”
Photo credit: Barry Bahler/DHS