WASHINGTON, D.C. – Yesterday, the Senate unanimously passed by voice vote the bipartisan Hack Department of Homeland Security (DHS) Act introduced by Senators Rob Portman (R-OH) and Maggie Hassan (D-NH) to strengthen cyber defenses at DHS. The Hack DHS Act would establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – that uses vetted “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and information technology. The bill is also cosponsored by Senators Claire McCaskill (D-MO) and Kamala Harris (D-CA).

“The networks and systems at DHS are vital to the security of Ohioans and all Americans,” said Senator Portman.  “Bug bounty programs are important cybersecurity tools in the private sector and have shown promising results when used by the government.  This legislation ensures DHS will execute such a program and reap the cost-effective benefits to the security of their networks and systems. I look forward to continuing to work with Senator Hassan to get this bill to the President’s desk and get DHS moving forward on this important effort.” 

“Protecting the Department of Homeland Security from the cyber threats that it faces every day is critical to maintaining the safety, security, and privacy of millions of Americans,” Senator Hassan said. “The bipartisan Hack DHS Act is vital to those efforts, harnessing the talent and skills of patriotic and ethical hackers across the country to help identify weaknesses in the Department of Homeland Security’s systems and protect their fellow citizens. I am pleased that this commonsense measure passed the Senate, and I thank Senator Portman for being a strong partner as we work to strengthen the safety and security of all Granite Staters and Americans.”

NOTE: As the Department in charge of helping to secure all “.gov” domains, as well as critical infrastructure throughout the country, DHS must ensure that its own networks and information technology are free from unintended or unidentified vulnerabilities. The Hack DHS Act will establish a bug bounty program based on the Department of Defense’s pilot program. Under the bill, payments would be provided to white-hat hackers that identify unique and undiscovered vulnerabilities in DHS’s networks and data systems. These white-hat hackers must submit to a background check to help ensure that these individuals do not pose a threat. Additionally, the DHS Secretary must work with the Attorney General to ensure that participants in the bug bounty program do not face prosecutions for their specific work in the program.

For more information on the bill, click here.

Bipartisan companion legislation has also been introduced in the U.S. House by Congressmen Ted Lieu (D - Los Angeles County) and Scott Taylor (R - Virginia).

###