Senate panel approves bill compelling researchers to ‘hack’ DHS

A Senate panel with oversight of the Department of Homeland Security (DHS) has approved legislation that would set up a “bug bounty” program to pay researchers for catching vulnerabilities in the department’s information systems. 

The bipartisan bill, introduced by Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio) in May, advanced through the Senate Homeland Security and Governmental Affairs Committee during a meeting Wednesday. Sen. Claire McCaskill (D-Mo.), the committee’s ranking member, is cosponsoring the legislation, along with Sen. Kamala Harris (D-Calif.).

The “Hack DHS Act” would direct the Department of Homeland Security to set up a pilot “bug bounty” program that would offer cash to security researchers who identify and report vulnerabilities in DHS’s information systems. The idea was modeled after a similar program established at the Pentagon to catch undiscovered vulnerabilities in the Defense Department’s systems. 

The program is aimed at boosting security of the department’s networks.

“What it says is that you actually bring in the ‘white hat’ hackers who are good at what they do and try to find vulnerabilities in the system. It’s worked well at the Pentagon,” Portman said during the business meeting on Wednesday. 

“The Department of Homeland Security’s job is to make us safe,” the Republican senator added. “We think it is absolutely appropriate to take this program over to the Department of Homeland Security.” 

Portman also encouraged Congress to explore establishing pilot programs at other federal agencies to boost their security.

“Let’s make this work at DHS, let’s get this to the floor. And then let’s see whether it’s appropriate to expand this to other agencies and departments, because this is not going away,” Portman said. 

Bug bounty programs have also become prevalent in the private sector, as companies look to boost their cybersecurity.

"The Department of Homeland Security is a prime target for cyberattacks that can threaten the safety, security, and privacy of millions of Americans, and the Department must do everything in its power to protect the American people from these threats," Hassan said in a statement.

"Employing patriotic, ethical hackers who can help identify weaknesses in the Department’s cyber systems is a common-sense step that has been successfully utilized in the private sector."