Bill to establish cyber bug bounty program at DHS introduced in Senate

A bill to establish a bounty program where white hats, also known as ethical hackers, identify bugs in computer systems at the U.S. Department of Homeland Security (DHS) in order to strengthen cyber defenses was recently introduced in the Senate by U.S. Sens. Rob Portman (R-OH) and Maggie Hassan (D-NH).

The Hack Department of Homeland Security Act will model its bounty program in a similar fashion to that of other bounty programs currently in place at the U.S. Department of Defense and major tech companies like Google and Apple.

The act would provide a lump sum to each ethical hacker who identifies and reports bugs to the vendor, in this case being DHS. These activities take place without criminal charges so long as each white hat abides by a pre-determined, strict set of rules. Monetary payments would be provided for each undiscovered vulnerability in DHS’s networks and data systems.

To become a white hat for DHS, each individual must first register with the department and submit to a background check to ensure that each individual does not pose a serious threat to security. The DHS Secretary must also work with the Attorney General to make sure that participants in the program do not face any criminal charges for their participation in the program.

U.S. Sens. Kamala Harris (D-CA) and Claire McCaskill (D-MO) signed onto the bill as cosponsors.

“The networks and systems at DHS are vital to our nation’s security. It’s imperative that we take every step to protect DHS from the many cyber attacks they face every day,” Portman said. “One step to do that is using an important tool from the private sector: incentivizing ethical hackers to find vulnerabilities before others do.”