DHS pledges to review ‘bug bounty’ cyber legislation


Homeland Security Secretary John Kelly told senators on Tuesday that he would review legislation to create a “bug bounty” program to probe vulnerabilities in the Department of Homeland Security’s (DHS) networks.

The measure, introduced by Sens. Rob Portman (R-Ohio) and Maggie Hassan (D-N.H.), would establish a pilot program offering incentives for third-party researchers to find undiscovered vulnerabilities in DHS networks and data systems.

Kelly committed Tuesday to taking a “hard look” at the legislation. His comments came in response to questioning from Hassan during a Homeland Security and Governmental Affairs hearing focusing on the department’s fiscal year 2018 budget request.


“We will fight hackers with hackers,” Hassan said of the proposed program, which is modeled after an effort to discover weaknesses in Pentagon networks. 

Earlier Tuesday, Reps. Ted Lieu (D-Calif.) and Scott Taylor (R-Va.) introduced companion legislation in the House. 

“There is perhaps no better way to find weaknesses in our cyber armor than to enlist the help of America’s top security researchers,” Lieu said in a statement.

As part of its mission, DHS is tasked with securing U.S. critical infrastructure from cyber and physical threats. The department also spearheads a number of information-sharing initiatives with the private sector to exchange details on cyber threats.