The U.S. federal government has been utilizing bug bounty programs for some time now. However, the Department of Homeland Security, an essential component of the federal infrastructure post-9/11, has yet to implement these programs. If certain members of Congress are successful in their bid, this is all due to change.
A press release from the office of Sen. Maggie Hassan (D-N.H.) announced the Hack Department of Homeland Security (DHS) Act, which will seek to form a bug bounty program employing white hats to find vulnerabilities in DHS networks and data systems. The bill is a bipartisan Senate effort introduced by Hassan and Rob Portman (R-Ohio), with co-sponsorship from Claire McCaskill (D-Mo.) and Kamala Harris (D-Calif.).
The press release gave the inspiration behind the bill in the words of Sen. Hassan:
“The Hack DHS Act provides this help by drawing upon an untapped resource—patriotic and ethical hackers across the country who want to stop these threats before they endanger their fellow citizens. This bipartisan bill takes the first step to utilize best practices from the private sector to harness the skills of hackers across America as a force multiplier against these cyber threats. I will work with members of both parties to move this important bill forward.”
Patriotic language aside, the senator is quite correct in her assertion that white hats will be eager to find vulnerabilities. There must be a decent financial incentive, however, as there is a considerable amount of effort required to find exploits. If past U.S. government bug bounties are any indication, I imagine the hackers will be well paid for their efforts.
This is all still in a hypothetical stage, as congressional gridlock impedes bills far more often than any of us would like to admit. The hope here is, at least in my opinion, that the bipartisan nature of the bill will allow it to be fast-tracked compared with other legislative efforts. The U.S. government has seen how effective previous bug bounties for the Department of Defense have been, so I cannot imagine the Hack DHS Act will face significant resistance.