The Senate unanimously passed a bill Tuesday to create a program for hackers to infiltrate Department of Homeland Security networks with the aim of discovering software vulnerabilities before malicious actors can carry out their own cyber attacks.
The bipartisan Hack Department of Homeland Security Act (S.1281), sponsored by Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio), would establish a bug bounty pilot program modeled after the Department of Defense’s Hack the Pentagon initiative.
“Protecting the Department of Homeland Security from the cyber threats that it faces every day is critical to maintaining the safety, security, and privacy of millions of Americans,” Hassan said in a statement. “The bipartisan Hack DHS Act is vital to those efforts, harnessing the talent and skills of patriotic and ethical hackers across the country to help identify weaknesses in the Department of Homeland Security’s systems and protect their fellow citizens.”
Hackers participating in the program would receive payments for each unique vulnerability they discover in DHS’ networks and data systems.
The bill also describes contracting opportunities for industry partners to manage the program and eventually work to mitigate the newly identified vulnerabilities.
DoD officials have found previous success with their bug bounty program and a follow-on Hack the Army effort.
“Bug bounty programs are important cyber security tools in the private sector and have shown promising results when used by the government. This legislation ensures DHS will execute such a program and reap the cost-effective benefits to the security of their networks and systems. I look forward to continuing to work with Senator Hassan to get this bill to the President’s desk and get DHS moving forward on this important effort,” Portman said.
DHS Secretary Kirstjen Nielsen detailed at a recent cyber conference her department’s ongoing effort to roll out a new cyber security strategy built on improved information sharing partnerships (Defense Daily, April 17).
Bipartisan companion legislation (H.R.2774) has already been introduced in the House by Reps. Ted Lieu (D-Calif.) and Scott Taylor (R-Va.).
A House Energy & Commerce subcommittee also voted unanimously Wednesday to send two cyber-related energy grid bills to the full committee for a vote.
The Subcommittee on Energy approved the Cyber Sense Act (H.R.5239), which would establish a voluntary Department of Energy program to test the cyber security of new capabilities to be implemented on energy infrastructure systems.
Lawmakers also approved the Enhancing Grid Security through Public-Private Partnerships Act (H.R.5240), which requires DoE to better facilitate the public-private partnerships needed to advance the cyber security of the electrical grid.