Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

U.S. Government Launches ‘Hack DHS’ Bug Bounty Program

The United States Department of Homeland Security (DHS) this week announced the launch of a bug bounty program focused on identifying vulnerabilities in its systems.

The United States Department of Homeland Security (DHS) this week announced the launch of a bug bounty program focused on identifying vulnerabilities in its systems.

Only vetted cybersecurity researchers have been invited to the new ‘Hack DHS’ program, and they will be allowed to hunt for vulnerabilities in specific Department systems, so they can be addressed before malicious actors exploit them.

The program will run in three phases throughout Fiscal Year 2022, starting with the identification of vulnerabilities and moving into a live, in-person hacking event, followed by an assessment period during which DHS will review lessons learned.

Hack DHS will use a platform created by the Department’s Cybersecurity and Infrastructure Security Agency (CISA) and will be monitored by the DHS Office of the Chief Information Officer.

The researchers will report identified flaws to DHS system owners and leadership, providing details on the security defect itself, exploitation methods, and how it may lead to information leakage. Bug bounty rewards will be established based on the severity of the reported flaws – they will range between $500 and $5,000.

The Hack DHS bug bounty program is being launched four and a half years after a bill to establish it was announced, and three years after provisions by Senator Maggie Hassan (D-N.H.), Senator Rob Portman (R-Ohio), Rep. Ted Lieu (D-Calif.), and Rep. Scott Taylor (R-Va.) passed into law.

DHS launched a pilot bug bounty program in 2019. The U.S. government ran various other similar programs, including the Department of Defense’s ‘Hack the Pentagon‘, ‘Hack the Army‘, ‘Hack the Air Force‘, and others.

“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro N. Mayorkas. “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity.”

Advertisement. Scroll to continue reading.

Related: U.S. Government Announces ‘Hack the Army 3.0’ Bug Bounty Program

Related: Microsoft Adds Power Platform to Bug Bounty Program

Related: Switzerland Launches Bug Bounty Program for E-Voting Systems

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.