The Senate last week unanimously passed by voice vote the bipartisan Hack Department of Homeland Security (DHS) Act introduced by Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio) to strengthen cyber defenses at DHS.
The Hack DHS Act would establish a bug bounty pilot program – modeled on similar programs at the Department of Defense and major tech companies – that uses vetted “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in DHS networks and information technology.
The bill is co-sponsored by Sens. Claire McCaskill (D-Mo.) and Kamala Harris (D-Calif.).
“Protecting the Department of Homeland Security from the cyber threats that it faces every day is critical to maintaining the safety, security, and privacy of millions of Americans,” Hassan said. “The bipartisan Hack DHS Act is vital to those efforts, harnessing the talent and skills of patriotic and ethical hackers across the country to help identify weaknesses in the Department of Homeland Security’s systems and protect their fellow citizens.”
“The networks and systems at DHS are vital to the security of Ohioans and all Americans,” said Portman. “Bug bounty programs are important cybersecurity tools in the private sector and have shown promising results when used by the government. This legislation ensures DHS will execute such a program and reap the cost-effective benefits to the security of their networks and systems.”
“I look forward to continuing to work with Senator Hassan to get this bill to the president’s desk and get DHS moving forward on this important effort,” he added.
As the department in charge of helping to secure all “.gov” domains, as well as critical infrastructure throughout the country, DHS must ensure that its own networks and information technology are free from unintended or unidentified vulnerabilities, the senators argued. The Hack DHS Act will establish a bug bounty program based on the Department of Defense’s pilot program.
Under the bill, payments would be provided to white-hat hackers who identify unique and undiscovered vulnerabilities in DHS’s networks and data systems. These hackers must submit to a background check to help ensure that they do not pose a threat. Additionally, the DHS secretary must work with the attorney general to ensure that participants in the bug bounty program do not face prosecution for their specific work in the program.
Bipartisan companion legislation has been introduced in the House by Reps. Ted Lieu (D-Calif.) and Scott Taylor (R-Va.).