The “Hack DHS Act” has been introduced in order to help address key vulnerabilities in the Department of Homeland Security.
This “bug bounty” program will follow the same general tactics used in the Department of Defense’s Hack The Pentagon project. The idea is relatively simple, but effective: Ask the internet’s most creative hackers to take their best shot at dismantling national security and pay them for reporting the loopholes. The recent WannaCry ransomware attack has spotlighted just how destructive a single program can be to even the most apparently impervious systems.
Democratic Senator Maggie Hassan and Republican Senator Rob Portman are behind this bipartisan effort to tighten our virtual security, using the knowledge and resources of the very people who could threaten it. With the DHS serving as an online wall around government websites and infrastructure, making sure it is as leak-proof as possible is of utmost importance.
In a statement, Senator Hassan said:
“Federal agencies like DHS are under assault every day from cyberattacks. These attacks threaten the safety, security and privacy of millions of Americans and in order to protect DHS and the American people from these threats, the Department will need help.”
Hacker “researchers” cannot be prosecuted under the Computer Fraud and Abuse Act, so long as they steer clear of off-limits “mission-critical” systems.
Security firm Symantec’s Jeff Greene called the approach “a cost-effective way of identifying vulnerabilities” in an “era of constrained budgets.” The General Services Administration is taking notes, as well. They announced their own version of the program in partnership with cybersecurity company HackerOne two weeks ago.
Once the Hack DHS Act is evaluated by the Homeland Security and Governmental Affairs Committee, it will head to the Senate.