TIME: Why We’re Encouraging Ethical Hackers to Try and Hack the Department of Homeland Security
By Senators Maggie Hassan and Rob Portman
From our personal devices to small businesses to government agencies and everything in between, we are seeing a growing number and complexity of cyber attacks that pose a threat to our public safety, our economy, our privacy and our security in America. Federal agencies such as the Department of Homeland Security (DHS) are particular targets for cyber attacks, which could have catastrophic consequences for our national security. The potential for disruption is immense.
For example: A disruption to the Transportation Security Administration computer systems could slow or even halt travel across the nation. Or imagine an attack on DHS’s systems that contain information on how officers detect nuclear or radiological devices crossing our border, the ways in which the Coast Guard secures our shorelines or the plans of the Secret Service to protect our country’s leaders.
According to the Department of Homeland Security, its networks are regular targets. While it might seem counterintuitive, one of the best ways to protect places like DHS is actually to recruit hackers to attempt to hack into its own systems and networks. We’re not talking about just any hackers, of course. Instead, we would draw upon an untapped resource: skilled, patriotic and ethical hackers across America (sometimes known as “white-hat hackers”) who are committed to stopping cyber threats before they endanger our national security.
That is why we worked together to introduce the bipartisan Hack DHS Act, which would establish a bug bounty pilot program, modeled on similar programs at the Department of Defense, in order to strengthen cyber defenses at the Department of Homeland Security and prevent successful attacks from occurring. Bug bounty programs have been around for more than two decades, and major technology companies including Google, Facebook, Amazon and Apple have all used them.
Under our bill, ethical and vetted hackers would be encouraged to try to break into DHS systems to identify vulnerabilities. For each previously undiscovered vulnerability that these ethical hackers find, they would receive a small monetary reward. All of this would occur under the agreement that the hackers will not face criminal charges for the activity, so long as they abide by a set of strict, pre-determined rules. The bill also includes a provision to maintain security within the program by requiring participating hackers to submit to a background check.
By harnessing the skills of hackers across America as a force multiplier against cyber threats at DHS, this bipartisan bill is a commonsense measure to boost cyber defenses at the Department and, in turn, strengthen the security and privacy of millions of Americans.
There is more work to do to ensure that no federal agency, small business or everyday American falls victim to cyber attacks. But the Hack DHS Act is a step in the right direction toward strengthening cybersecurity across federal agencies.
We are pleased that in a recent hearing before the Homeland Security and Governmental Affairs Committee, Department of Homeland Security Secretary John Kelly committed to exploring the implementation of a bug-bounty program as we have proposed. In the weeks and months ahead, we will continue working across the aisle to garner support for this important bill and find innovative ways to help ensure that all of our people and our nation are safe, secure and free.