DHS announces its ‘Hack DHS’ bug bounty program

The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems.

The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed ‘Hack DHS’ that allows vetted white hat hackers to discover and report security vulnerabilities in external DHS systems.

“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro N. Mayorkas.  “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.  This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity.” 

The Hack DHS bug bounty program will occur in three phases throughout Fiscal Year 2022. During the first phase, researchers will perform remote vulnerability assessments on certain DHS external systems. In the second phase, the experts will participate in a live, in-person hacking event, while in the third phase, DHS will identify and review lessons learned, and plan for future bug bounties.

The new bug bounty program will use a platform developed by the Cybersecurity and Infrastructure Security Agency (CISA) and will be monitored by the DHS Office of the Chief Information Officer.

Participants to the Hack DHS will receive rewards between $500 and $5,000 for each reported issue depending on its severity. 

“Hackers will disclose their findings to DHS system owners and leadership, including what the vulnerability is, how they exploited it, and how it might allow other actors to access information.  The bounty for identifying each bug is determined by using a sliding scale, with hackers earning the highest bounties for identifying the most severe bugs.” continues the announcement.

The Hack DHS is not the only bug bounty program launched by US government and military, similar initiatives across the federal government include the ‘Hack the Pentagon‘ and Hack the Army programs.

“Hack DHS builds on the best practices learned from similar, widely implemented initiatives across the private sector and the federal government, such as the Department of Defense’s “Hack the Pentagon” program.” concluded the announcement. “DHS established its first bug bounty pilot program in 2019 as a result of provisions authored by Senator Maggie Hassan (D-N.H.), Senator Rob Portman (R-Ohio), Rep. Ted Lieu (D-Calif.), and Rep. Scott Taylor (R-Va.) that passed into law as part of the SECURE Technology Act. This law permits the Department to compensate individuals chosen to evaluate DHS systems by mimicking hacker behavior.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Hack DHS)

[adrotate banner=”5″]

[adrotate banner=”13″]