DHS pledges to review ‘bug bounty’ cyber legislation

© Victoria Sarno Jordan

Homeland Security Secretary John Kelly told senators on Tuesday that he would review legislation to create a “bug bounty” program to probe vulnerabilities in the Department of Homeland Security’s (DHS) networks.

The measure, introduced by Sens. Rob Portman (R-Ohio) and Maggie Hassan (D-N.H.), would establish a pilot program offering incentives for third-party researchers to find undiscovered vulnerabilities in DHS networks and data systems.

Kelly committed Tuesday to taking a “hard look” at the legislation. His comments came in response to questioning from Hassan during a Homeland Security and Governmental Affairs hearing focusing on the department’s fiscal year 2018 budget request.


“We will fight hackers with hackers,” Hassan said of the proposed program, which is modeled after an effort to discover weaknesses in Pentagon networks. 

Earlier Tuesday, Reps. Ted Lieu (D-Calif.) and Scott Taylor (R-Va.) introduced companion legislation in the House. 

“There is perhaps no better way to find weaknesses in our cyber armor than to enlist the help of America’s top security researchers,” Lieu said in a statement.

As part of its mission, DHS is tasked with securing U.S. critical infrastructure from cyber and physical threats. The department also spearheads a number of information-sharing initiatives with the private sector to exchange details on cyber threats.