- Today, the Department of Homeland Security (DHS) announced the launch of "Hack DHS," a bug bounty program to identify potential cybersecurity vulnerabilities within certain DHS systems and increase the Department's cybersecurity resilience. Through Hack DHS, vetted cybersecurity researchers who have been invited to access select external DHS systems ("hackers") will identify vulnerabilities ("bugs") that could be exploited by bad actors so they can be patched. These hackers will be rewarded with payments ("bounties") for the bugs they identify.
"As the federal government's cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems," said. "The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation's cybersecurity."
Hack DHS will occur in three phases throughout Fiscal Year 2022, with the goal of developing a model that can be used by other organizations across every level of government to increase their own cybersecurity resilience. During phase one, hackers will conduct virtual assessments on certain DHS external systems. During the second phase, hackers will participate in a live, in-person hacking event. During the third and final phase, DHS will identify and review lessons learned, and plan for future bug bounties.
Hack DHS, which will leverage a platform created by the Department's Cybersecurity and Infrastructure Security Agency (CISA), will be governed by several rules of engagement and monitored by the DHS Office of the Chief Information Officer. Hackers will disclose their findings to DHS system owners and leadership, including what the vulnerability is, how they exploited it, and how it might allow other actor
|
