WASHINGTON – Last week, Senators Maggie Hassan (D-NH) and Rob Portman (R-OH) introduced a bipartisan bill, the Hack DHS Act, to strengthen cyber defenses at the Department of Homeland Security (DHS). The bill, which is also cosponsored by Senators Claire McCaskill (D-MO) and Kamala Harris (D-CA), would establish a bug bounty pilot program in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and data systems.
See below for highlights of the coverage:
CNN: Senators introduce a bill to hack the Department of Homeland Security
By Selena Larson
On Thursday, Senators Maggie Hassan, a Democrat and Republican Rob Portman introduced the Hack DHS Act to establish a federal bug bounty program in the DHS.
Bug bounty programs let hackers test the security of technical systems. Engineers hunt for "bugs," or errors in code that could leak information or break the security of websites and communication tools, and are paid when they find something.
The DHS is responsible for the security of government websites and critical infrastructure across the country, which makes it a good candidate for bug bounty programs.
It would be modeled off the Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force.
"Federal agencies like DHS are under assault every day from cyberattacks," Hassan said in a statement. "These attacks threaten the safety, security and privacy of millions of Americans and in order to protect DHS and the American people from these threats, the Department will need help."
… The Hack the DHS Act establishes a framework for bug bounties, including establishing "mission-critical" systems that aren't allowed to be hacked, and making sure researchers who find bugs in DHS don't get prosecuted under the Computer Fraud and Abuse Act.
The Hill: Sens submit bill to 'Hack the DHS'
By Joe Uchill
Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio) have introduced legislation to force the Department of Homeland Security (DHS) to implement a "bug bounty" program.
Bug bounty programs offer incentives for third-party researchers to discover and report cybersecurity flaws, giving IT administrators a heads-up on what needs to be repaired.
They are generally considered a useful part of private-sector cybersecurity regimens and are beginning to see some traction in the federal government, including programs at the Department of Defense (DOD).
"[I]n order to protect DHS and the American people from these threats, the Department will need help,” said Hassan in a statement.
"The 'Hack the DHS Act' provides this help by drawing upon an untapped resource — patriotic and ethical hackers across the country who want to stop these threats before they endanger their fellow citizens."
Politico: Morning Cybersecurity: Bug Bounties, So Hot Right Now
By Eric Geller
A bipartisan pair of senators introduced a bill late last week that would establish a bug bounty for the Homeland Security Department. The measure from Sens. Rob Portman and Maggie Hassan — dubbed the Hack the Department of Homeland Security Act — is inspired by similar efforts at other federal agencies, such as last year’s well-received “Hack the Pentagon” pilot program at the Defense Department.
The new effort would give vetted white-hat hackers cash prizes for identifying unique and undiscovered vulnerabilities in DHS’s networks. “The networks and systems at DHS are vital to our nation’s security. It’s imperative that we take every step to protect DHS from the many cyber attacks they face every day,” Portman said in a statement. Federal agencies like DHS are “under assault every day from cyberattacks,” according to Hassan. “These attacks threaten the safety, security and privacy of millions of Americans and in order to protect DHS and the American people from these threats, the Department will need help.” The new measure is co-sponsored by Sen. Claire McCaskill, the top Democrat on the Senate Homeland Security Committee, and California Democratic Sen. Kamala Harris.
Cyberscoop: Bill would create bug bounty program inside DHS
By Greg Otto
A bipartisan group of senators has introduced a bill to create a bug bounty program inside the Department of Homeland Security.
Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio, introduced the Hack Department of Homeland Security Act, which would establish a bug bounty pilot program similar to ones in use at the Department of Defense and major tech companies around the world.
“Federal agencies like DHS are under assault every day from cyberattacks. These attacks threaten the safety, security and privacy of millions of Americans and in order to protect DHS and the American people from these threats, the Department will need help,” Hassan said in a statement.
NextGov: These Senators Want You to Hack DHS
By Joseph Marks
Ethical hackers may soon be able to probe for digital weaknesses at the government’s top civilian cybersecurity agency.
Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio, introduced a bill Friday that would launch a pilot program offering cash rewards to hackers who discover vulnerabilities in Homeland Security Department websites and other public-facing tools.
… “As the department in charge of helping to secure all dot-gov domains, as well as critical infrastructure throughout the country, DHS must ensure that its own networks and data systems are free from unintended or unidentified vulnerabilities,” Hassan and Portman said in a news release
###