DHS Launches Bug Bounty Program
The United States Department of Homeland Security has launched a new bug bounty program to identify potential cybersecurity vulnerabilities and increase the department’s cybersecurity resilience.
When announcing the “Hack DHS” program in a statement shared yesterday, the department said its aim was to uncover weaknesses within certain DHS systems so that they can be patched.
In exchange for pointing out flaws, successful bug hunters will receive a cash payment. How much they earn will be decided by a sliding scale, with the highest bounties going to hackers who catch the most severe bugs.
The DHS bug bounty program is by invitation only. Program participants will be selected from a list of vetted cybersecurity researchers.
“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro Mayorkas.
“The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.”
Mayorkas added that the new program is an example of how the DHS is partnering with the community to help protect America’s national cybersecurity.
Hack DHS is a three-phase program that will run throughout the fiscal year 2022.
The DHS said: “During phase one, hackers will conduct virtual assessments on certain DHS external systems. During the second phase, hackers will participate in a live, in-person hacking event.
“During the third and final phase, DHS will identify and review lessons learned, and plan for future bug bounties.”
The DHS is partnering with crowdsourced cybersecurity company Bugcrowd to deliver the program.
Bugcrowd founder and CTO Casey Ellis commented: “We’ve been advising a variety of government agencies for many years including the DHS, and we’ll be the platform partner for this program.”
He added: “In the spirit of crowdsourcing, they’ve also drawn from the existing experience of running successful programs within the US government, including from those who’ve worked on the CISA program, and veterans of the Hack the Pentagon series of programs.
“Good planning is an excellent predictor of success in this space, and they’ve definitely put that work in.”