DHS pledges to review ‘bug bounty’ cyber legislation

© Victoria Sarno Jordan

Homeland Security Secretary John Kelly told senators on Tuesday that he would review legislation to create a “bug bounty” program to probe vulnerabilities in the Department of Homeland Security’s (DHS) networks.

The measure, introduced by Sens. Rob Portman (R-Ohio) and Maggie Hassan (D-N.H.), would establish a pilot program offering incentives for third-party researchers to find undiscovered vulnerabilities in DHS networks and data systems.

Kelly committed Tuesday to taking a “hard look” at the legislation. His comments came in response to questioning from Hassan during a Homeland Security and Governmental Affairs hearing focusing on the department’s fiscal year 2018 budget request.


“We will fight hackers with hackers,” Hassan said of the proposed program, which is modeled after an effort to discover weaknesses in Pentagon networks. 

Earlier Tuesday, Reps. Ted Lieu (D-Calif.) and Scott Taylor (R-Va.) introduced companion legislation in the House. 

“There is perhaps no better way to find weaknesses in our cyber armor than to enlist the help of America’s top security researchers,” Lieu said in a statement.

As part of its mission, DHS is tasked with securing U.S. critical infrastructure from cyber and physical threats. The department also spearheads a number of information-sharing initiatives with the private sector to exchange details on cyber threats.