FEATURED:

Senate panel approves bill compelling researchers to ‘hack’ DHS

Senate panel approves bill compelling researchers to ‘hack’ DHS
© Getty

A Senate panel with oversight of the Department of Homeland Security (DHS) has approved legislation that would set up a “bug bounty” program to pay researchers for catching vulnerabilities in the department’s information systems. 

The bipartisan bill, introduced by Sens. Maggie HassanMargaret (Maggie) HassanSave lives, restore congressional respect by strengthening opioids’ seizure Overnight Tech: Intel chief says 'no doubt' Russia will meddle in midterms | Dems press FCC over net neutrality comments | Bill aims to bridge rural-urban digital divide | FCC to review rules on children's TV Senators offer bill to close rural-urban internet divide MORE (D-N.H.) and Rob PortmanRobert (Rob) Jones PortmanCommittee chairman aims for House vote on opioid bills by Memorial Day Flake to try to force vote on DACA stopgap plan Congress punts fight over Dreamers to March MORE (R-Ohio) in May, advanced the Senate Homeland Security and Governmental Affairs Committee during a meeting Wednesday. Sen. Claire McCaskillClaire Conner McCaskillMcCaskill welcomes ninth grandson in a row Dem group launches M ad buy to boost vulnerable senators Senate Dems block crackdown on sanctuary cities MORE (D-Mo.), the committee’s ranking member, is cosponsoring the legislation, along with Sen. Kamala HarrisKamala Devi HarrisCongress fails miserably: For Asian-Americans, immigration proposals are personal attacks American women will decide who wins and loses in 2018 elections Dems ponder gender politics of 2020 nominee MORE (D-Calif.). 

ADVERTISEMENT

The “Hack DHS Act” would direct the Department of Homeland Security to set up a pilot “bug bounty” program that would offer cash to security researchers who identify and report vulnerabilities in DHS’s information systems. The idea was modeled after a similar program established at the Pentagon to catch undiscovered vulnerabilities in the Defense Department’s systems. 

The program is aimed at boosting security of the department’s networks.

“What it says is that you actually bring in the ‘white hat’ hackers who are good at what they do and try to find vulnerabilities in the system. It’s worked well at the Pentagon,” Portman said during the business meeting on Wednesday. 

“The Department of Homeland Security’s job is to make us safe,” the Republican senator added. “We think it is absolutely appropriate to take this program over to the Department of Homeland Security.” 

Portman also encouraged Congress to explore establishing pilot programs at other federal agencies to boost their security.

“Let’s make this work at DHS, let’s get this to the floor. And then let’s see whether it’s appropriate to expand this to other agencies and departments, because this is not going away,” Portman said. 

Bug bounty programs have also become prevalent in the private sector, as companies look to boost their cybersecurity.

"The Department of Homeland Security is a prime target for cyberattacks that can threaten the safety, security, and privacy of millions of Americans, and the Department must do everything in its power to protect the American people from these threats," Hassan said in a statement.

"Employing patriotic, ethical hackers who can help identify weaknesses in the Department’s cyber systems is a common-sense step that has been successfully utilized in the private sector."