Ethical hackers may soon be able to probe for digital weaknesses at the government’s top civilian cybersecurity agency.
Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio, introduced a bill Friday that would launch a pilot program offering cash rewards to hackers who discover vulnerabilities in Homeland Security Department websites and other public-facing tools.
The program would exclude sensitive and mission-critical systems.
Known as a bug bounty, the program has already been implemented at the Defense Department and by the Army and Air Force. The General Services Administration’s Technology Transformation Service is also offering a bug bounty.
The goal of bug bounties, which are common among many large technology companies, is to incentivize ethical, or “white hat,” hackers to discover dangerous computer vulnerabilities before their black-hatted cousins find and exploit them.
The bill would require security researchers who participate in the program to submit to a background check and register with DHS. There was a similar requirement for the Hack the Pentagon program.
The bill includes a $250,000 appropriation to manage the contest.
“As the department in charge of helping to secure all dot-gov domains, as well as critical infrastructure throughout the country, DHS must ensure that its own networks and data systems are free from unintended or unidentified vulnerabilities,” Hassan and Portman said in a news release.
The department would have six months to launch the pilot bug bounty program after the bill passes, and 90 days after the program concludes to report to Congress on its accomplishments.
A trial run of the Hack the Pentagon program turned up 1,189 vulnerabilities in DOD systems and resulted in $75,000 in payouts to hackers.