Sens submit bill to 'Hack the DHS'


Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio) have introduced legislation to force the Department of Homeland Security (DHS) to implement a "bug bounty" program.

Bug bounty programs offer incentives for third-party researchers to discover and report cybersecurity flaws, giving IT administrators a heads-up on what needs to be repaired.

They are generally considered a useful part of private-sector cybersecurity regimens and are beginning to see some traction in the federal government, including programs at the Department of Defense (DOD).

"[I]n order to protect DHS and the American people from these threats, the Department will need help," said Hassan in a statement.

"The 'Hack the DHS Act' provides this help by drawing upon an untapped resource — patriotic and ethical hackers across the country who want to stop these threats before they endanger their fellow citizens."

"Hack the DHS" takes its name from successful programs run in the DOD, including "Hack the Pentagon" and "Hack the DoD." 

The DOD programs required hackers to be vetted before participating, something that is not required in all programs. 

The Hack the DHS bill leaves many details of the program up to the agency but requires the DHS to establish a program within 180 days. 

Hack the Pentagon, the first federal bug bounty, ran for slightly under one month in 2016. In that time, hackers discovered 138 patchable vulnerabilities within the DOD's public-facing systems. Then-Secretary of Defense Ash Carter estimated that the $150,000 program saved the department more than $800,000 over receiving comparable security testing from the private sector.