The U.S Department of Homeland Security (DHS) said the recent launch of its Hack DHS bug bounty program represents an effort to identify potential agency cybersecurity vulnerabilities while increasing cybersecurity resilience.
“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” DHS Secretary Alejandro N. Mayorkas said. “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our nation’s cybersecurity.”
Through Hack DHS, the agency vetted cybersecurity researchers invited to access select external DHS systems to identify vulnerabilities that perpetrators could exploit so they can be patched. The hackers are slated to be rewarded with payments for the bugs they identify.
Hack DHS is slated to be executed in three phases throughout Fiscal Year 2022, targeting the development of a model to be utilized by other organizations across every level of government as a means of increasing cybersecurity resilience.
The initial phase will consist of hackers conducting virtual assessments on certain DHS external systems; the second phase will involve hackers participating in a live, in-person hacking event; and the final phase will call for DHS to identify and review what was learned and plan for future bug bounties.