President Trump signed a legislative package Dec. 21 aimed at addressing federal agencies’ cyber security risks, including establishing an inter-agency council to set IT supply chain standards and setting up the Department of Homeland Security’s first bug bounty program.
The new bill requires agencies to select representatives for the new Federal Acquisition Security Council, to be led by a senior Office of Management and Budget official, before May and directs the DHS secretary to finalize plans for the department’s ethical hacking program by the summer.
The SECURE Technology Act brings together the Hack the Department of Homeland Security Act, Federal Acquisition Supply Chain Security Act and Public-Private Cybersecurity Cooperation Act.
Both the House and Senate unanimously approved the IT security package last month (Defense Daily, Dec. 20).
Officials on the new federal council are tasked with assessing national security threats to the federal IT supply chain and finalizing a strategic plan for addressing growing cyber risks. The new panel has until September to submit this new plan to Congress.
The DHS bug bounty program would be similar to the Department of Defense’s recent Hack the Pentagon events in which ethical hackers are invited to probe public-facing sites and receive cash rewards for discovering software vulnerabilities.
The bill calls on the DHS secretary to establish the program by June and provide a report to Congress on the results of the effort within 180 days of its conclusion.
The new package also allows private entities to more easily disclose vulnerabilities discovered in DHS networks to department officials. The bill directs the DHS secretary to report to Congress on how the department will handle these new disclosures and work with other agencies to mitigate new security flaws.