Senate panel approves bill compelling researchers to ‘hack’ DHS

A Senate panel with oversight of the Department of Homeland Security (DHS) has approved legislation that would set up a “bug bounty” program to pay researchers for catching vulnerabilities in the department’s information systems. 

The bipartisan bill, introduced by Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio) in May, advanced the Senate Homeland Security and Governmental Affairs Committee during a meeting Wednesday. Sen. Claire McCaskill (D-Mo.), the committee’s ranking member, is cosponsoring the legislation, along with Sen. Kamala Harris (D-Calif.). 

{mosads}

The “Hack DHS Act” would direct the Department of Homeland Security to set up a pilot “bug bounty” program that would offer cash to security researchers who identify and report vulnerabilities in DHS’s information systems. The idea was modeled after a similar program established at the Pentagon to catch undiscovered vulnerabilities in the Defense Department’s systems. 

The program is aimed at boosting security of the department’s networks.

“What it says is that you actually bring in the ‘white hat’ hackers who are good at what they do and try to find vulnerabilities in the system. It’s worked well at the Pentagon,” Portman said during the business meeting on Wednesday. 

“The Department of Homeland Security’s job is to make us safe,” the Republican senator added. “We think it is absolutely appropriate to take this program over to the Department of Homeland Security.” 

Portman also encouraged Congress to explore establishing pilot programs at other federal agencies to boost their security.

“Let’s make this work at DHS, let’s get this to the floor. And then let’s see whether it’s appropriate to expand this to other agencies and departments, because this is not going away,” Portman said. 

Bug bounty programs have also become prevalent in the private sector, as companies look to boost their cybersecurity.

“The Department of Homeland Security is a prime target for cyberattacks that can threaten the safety, security, and privacy of millions of Americans, and the Department must do everything in its power to protect the American people from these threats,” Hassan said in a statement.

“Employing patriotic, ethical hackers who can help identify weaknesses in the Department’s cyber systems is a common-sense step that has been successfully utilized in the private sector.”