A bipartisan bill aimed at enlisting friendly hackers to try and penetrate the Department of Homeland Security’s (DHS) computer systems in order to help find weaknesses in the department’s networks was introduced in the House on Tuesday.
The five-page Hack DHS Act is a companion bill to bipartisan legislation introduced in the Senate last month to create a bug bounty pilot program for “white-hat” hackers to help identify vulnerabilities in DHS networks and data systems (Defense Daily, May 26).
The bill was introduced in the House by Reps. Ted Lieu (D-Calif.) and Scott Taylor (R-Va.). Lieu sits on the Foreign Affairs and Judiciary Committees and Taylor is on the Appropriations Committee.
The legislation is intended to give DHS the authorities to model its program on a similar one being used at the Department of Defense to strengthen its cyber posture against attackers and other threats.
“There is perhaps no better way to find weaknesses in our cyber armor than to enlist the help of America’s top security researchers,” Lieu said in a statement. “As a computer science major, I recognize that bug bounty programs have proven critical to enhancing cyber security at the Pentagon and in the private sector, and it is past time we bring this tool to bear at the agency tasked with protecting our homeland security.”
DHS has responsibilities for helping protect federal civilian networks from cyber attacks and sharing information with the private sector about cyber threats.
Once signed into law, the House bill says DHS has 180 days to establish its bug bounty program. The measure also authorizes DHS to pay compensation for reports of unknown security vulnerabilities within its websites, applications and other information systems that are accessible to the public, and to award contracts to manage the bug bounty program and to remediate found vulnerabilities. The bill authorizes $250,000 to be allotted for the program in FY ’18.
The Senate version of the bill was introduced by Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio).
Homeland Security Secretary John Kelly told the Senate Homeland Security Committee on Tuesday that he backs the proposed legislation and that he probably won’t wait until it’s signed into law before starting a bug bounty program.