Senate panel approves bill compelling researchers to ‘hack’ DHS

A Senate panel with oversight of the Department of Homeland Security (DHS) has approved legislation that would set up a “bug bounty” program to pay researchers for catching vulnerabilities in the department’s information systems. 

The bipartisan bill, introduced by Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio) in May, advanced out of the Senate Homeland Security and Governmental Affairs Committee during a meeting Wednesday. Sen. Claire McCaskill (D-Mo.), the committee’s ranking member, is cosponsoring the legislation, along with Sen. Kamala Harris (D-Calif.).

The “Hack DHS Act” would direct the Department of Homeland Security to set up a pilot “bug bounty” program that would offer cash to security researchers who identify and report vulnerabilities in DHS’s information systems. The idea was modeled after a similar program established at the Pentagon to catch undiscovered vulnerabilities in the Defense Department’s systems. 

The program is aimed at boosting security of the department’s networks.

“What it says is that you actually bring in the ‘white hat’ hackers who are good at what they do and try to find vulnerabilities in the system. It’s worked well at the Pentagon,” Portman said during the business meeting on Wednesday. 

“The Department of Homeland Security’s job is to make us safe,” the Republican senator added. “We think it is absolutely appropriate to take this program over to the Department of Homeland Security.” 

Portman also encouraged Congress to explore establishing pilot programs at other federal agencies to boost their security.

“Let’s make this work at DHS, let’s get this to the floor. And then let’s see whether it’s appropriate to expand this to other agencies and departments, because this is not going away,” Portman said. 

Bug bounty programs have also become prevalent in the private sector, as companies look to boost their cybersecurity.

"The Department of Homeland Security is a prime target for cyberattacks that can threaten the safety, security, and privacy of millions of Americans, and the Department must do everything in its power to protect the American people from these threats," Hassan said in a statement.

"Employing patriotic, ethical hackers who can help identify weaknesses in the Department’s cyber systems is a common-sense step that has been successfully utilized in the private sector."