DHS Seeks to Bolster Systems Cybersecurity via Bug Bounty Program

The Department of Homeland Security has established a bug bounty program to encourage ethical hackers to probe its systems for vulnerabilities.

DHS Secretary Alejandro Mayorkas told attendees at the Bloomberg Technology Summit that the Hack DHS initiative would offer $500 to $5,000 in rewards for hackers depending on the severity of flaws that they spot on agency systems.

Upon the identification of flaws, the DHS will spend the next 48 hours on verification efforts in order to address the discovered issues within 15 days. A plan will be drafted to remediate complex bugs, CyberScoop reported Tuesday.

According to Mayorkas, the effort would show that the DHS can lead by example as the federal leader in protecting and enhancing the cybersecurity of the private sector and of the federal government.

The DHS said in an announcement that the program will run throughout fiscal year 2022. The agency’s chief information officer will be tasked with overseeing the Hack DHS initiative along with the Cybersecurity and Infrastructure Security Agency.

While Mayorkas did not detail how much the program would cost, he said the DHS is “investing a great deal of money” and attention in the program.

The launch of the bug bounty program comes nearly three years after former President Donald Trump signed legislation mandating the establishment of such a program within the DHS.

Other agencies such as the Department of Defense and the Internal Revenue Service already have their own bug bounty programs. The IRS was a trailblazer in that it established the first civilian federal agency bug bounty program in 2016. The DOD started its Hack the Pentagon pilot in the same year.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now