U.S. senators want people to hack the Department of Homeland Security.
On Thursday, Senators Maggie Hassan, a Democrat, and Rob Portman, a Republican, introduced the Hack DHS Act to establish a federal bug bounty program in the DHS.
Bug bounty programs let hackers test the security of technical systems. Engineers hunt for “bugs,” or errors in code that could leak information or break the security of websites and communication tools, and are paid when they find something.
The DHS is responsible for the security of government websites and critical infrastructure across the country, which makes it a good candidate for bug bounty programs.
The program would be modeled on Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force.
“Federal agencies like DHS are under assault every day from cyberattacks,” Hassan said in a statement. “These attacks threaten the safety, security and privacy of millions of Americans and in order to protect DHS and the American people from these threats, the Department will need help.”
High-profile cyber incidents like the Russian hacking during the U.S. election and the global WannaCry ransomware have put a spotlight on security and cybercrime. Bug bounty programs could find flaws in computer systems before they can be exploited by bad actors who want to steal information or hold systems for ransom.
The Hack DHS Act sets out a framework for bug bounties, including establishing “mission-critical” systems that aren’t allowed to be hacked, and making sure researchers who find bugs in DHS don’t get prosecuted under the Computer Fraud and Abuse Act.
“It’s better to find vulnerabilities through someone you have engaged with and vetted,” said Jeff Greene, the director of government affairs and policy at security firm Symantec. “In an era of constrained budgets, it’s a cost-effective way of identifying vulnerabilities.”
If passed, it would be among the first non-military bug bounty programs in the public sector. Two weeks ago, the General Services Administration also announced a bug bounty program.
The bill will first go through the Homeland Security and Governmental Affairs Committee before being considered by the full Senate.
Correction: An earlier version of this story incorrectly stated that this was the government’s first non-military bug bounty program.