Senators Maggie Hassan (D-NH) and Rob Portman (R-OH) introduced a bill on Friday that would establish a bug bounty pilot program, modeled on similar programs at the Department of Defense and major tech companies, to strengthen cyber defenses at DHS by using “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in DHS networks and data systems.
The Hack Department of Homeland Security (DHS) Act offers cash rewards to hackers who discover vulnerabilities in Homeland Security Department websites and other public-facing tools.
Bug bounty programs, which have been implemented at major tech companies including Google, Facebook, Amazon, and Apple, allow ethical hackers to probe the vendor’s systems or networks in order to identify vulnerabilities.
For each undiscovered vulnerability that these ethical hackers report to the vendor, the vendor provides a small monetary sum. These activities occur under the agreement that the vendor will not seek criminal charges against the hackers for the activity so long as they abide by a set of strict, predetermined rules.
“Federal agencies like DHS are under assault every day from cyberattacks. These attacks threaten the safety, security and privacy of millions of Americans and in order to protect DHS and the American people from these threats, the Department will need help,” Senator Hassan said.
“The Hack DHS Act provides this help by drawing upon an untapped resource—patriotic and ethical hackers across the country who want to stop these threats before they endanger their fellow citizens. This bipartisan bill takes the first step to utilize best practices from the private sector to harness the skills of hackers across America as a force multiplier against these cyber threats.”
The bill is cosponsored by Senators Claire McCaskill (D-MO) and Kamala Harris (D-CA).