On Thursday last week, Senators Maggie Hassan and Rob Portman introduced the Hack Department of Homeland Security (DHS) Act to formalize ways for white hat hackers to participate in bug bounty programs. Previously, similar programs have successfully been implemented for other departments, including the Air Force, Pentagon, and Army.
Upgrading America's cyber-security
Earlier in May, U.S. President Donald Trump finally signed an executive order that set the stage for improving and managing cyber-security risks across federal networks. The President has even established a tech group, the American Technology Council, made up of great minds in technology, to help coordinate federal IT modernization efforts; it is scheduled to meet this month.
The DHS is in charge of helping secure all ".gov" domains. For a bug bounty to happen, the DHS secretary would have to work with the Attorney General to make sure that the ethical hackers participating in the program do not face prosecution for their work.
Not the first
In a press release, Senator Maggie Hassan said that federal agencies like DHS face daily cyber-attacks. The attacks are viewed as a threat to the "safety, security, and privacy" of millions of Americans, and the Hack DHS Act, listed as S. 1281 in the 5th Congress, will ultimately help the Department. According to Threatpost, other model programs that were successfully held included the Department of Defense's Hack the Pentagon, the U.S. Army's Hack the Army, and the U.S. Air Force's Hack the Air Force program that launched last month. In these programs, hackers compete for monetary rewards by discovering vulnerabilities in the networks or systems.
Bug bounty program
Among well-known tech companies, such as Google, Facebook, and Amazon, bug bounty programs are held regularly, for various purposes and at events.
Through a competitive program, hackers are allowed to poke around the systems. This type of bounty is now becoming a feasible option for smaller or non-tech companies that have been hit by digital crimes, such as data breaches. In recent months, a number of companies have made the news for data breaches, stolen data, and various other types of digital crime that compromise their consumers' information: the restaurant search service Zomato, Coachella and Stagecoach, GameSpot, and many more. The difference is that in a federal bug bounty program, the participants will need to undergo a background check before they can compete for the rewards.