WASHINGTON – Today, the U.S. Senate Homeland Security and Governmental Affairs Committee passed the bipartisan Hack Department of Homeland Security (DHS) Act, which was introduced by Senators Maggie Hassan (D-NH) and Rob Portman (R-OH). The bill, which is also cosponsored by Senators Claire McCaskill (D-MO) and Kamala Harris (D-CA), would establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and information technology.
Bipartisan companion legislation has also been introduced in the U.S. House by Congressmen Ted Lieu (D | Los Angeles County) and Scott Taylor (R | Virginia).
“The Department of Homeland Security is a prime target for cyberattacks that can threaten the safety, security, and privacy of millions of Americans, and the Department must do everything in its power to protect the American people from these threats,” Senator Hassan said. “Employing patriotic, ethical hackers who can help identify weaknesses in the Department’s cyber systems is a common-sense step that has been successfully utilized in the private sector, and I will continue working with Senator Portman and colleagues from both parties to pass this important legislation into law.”
“The networks and systems at DHS are vital to the security of Ohioans and all Americans. It is imperative that we take every step to protect our DHS networks from the threats they face every day. One important tool would be to incentivize ethical hackers in the private sector to find vulnerabilities before bad actors do. I applaud the Homeland Security and Governmental Affairs Committee for approving this important bill and look forward to working with Senator Hassan to continue building support in the Senate to protect DHS from cyber threats,” Senator Portman said.
As the Department in charge of helping to secure all “.gov” domains, as well as critical infrastructure throughout the country, DHS must ensure that its own networks and information technology are free from unintended or unidentified vulnerabilities. The Hack DHS Act will establish a bug bounty program based on the Department of Defense’s pilot program. Under the bill, payments would be provided to white-hat hackers that identify unique and undiscovered vulnerabilities in DHS’s networks and data systems. These white-hat hackers must submit to a background check to help ensure that these individuals do not pose a threat. Additionally, the DHS Secretary must work with the Attorney General to ensure that participants in the bug bounty program do not face prosecutions for their specific work in the program.