Encouraged by the Department of Homeland Security (DHS), more than 450 vetted security researchers and ethical hackers rooted through select external DHS systems and turned up 122 vulnerabilities, earning a cash prize for their efforts.
The first phase of the Hack DHS bug bounty program identified 27 critical exploits among the lot last week, from found and reported Log4j vulnerabilities. Participants looked at public-facing information system assets. In this way, the department used them to identify and close vulnerabilities it otherwise may not have noticed until it was too late.
“Organizations of every size and across every sector, including federal agencies like the Department of Homeland Security, must remain vigilant and take steps to increase their cybersecurity,” Secretary of Homeland Security Alejandro Mayorkas said. “Hack DHS underscores our Department’s commitment to lead by example and protect our nation’s networks and infrastructure from evolving cybersecurity threats.”
The program launched near the end of last year, and DHS is hopeful its model could eventually be used by other governmental organizations to aid cybersecurity resilience throughout. For DHS, the program will cover three phases. The second will bring participants back for a live, in-person hacking event. In the third and final phase, DHS will identify lessons learned from its efforts.
For the first phase, DHS awarded $125,600 to those who identified verified vulnerabilities.