+49 2641 3703 – 0 +49 2641 3703 – 199 info@monch-group.com

US DHS Launches Bug Bounty Programme

Security Researchers Invited to “Hack DHS”

The US government’s Department of Homeland Security (DHS) has announced the launch of a ‘bug bounty’ programme. ‘Hack DHS’ will see vetted hackers attempting to attack DHS systems, and rewarded with cash for any vulnerabilities they discover.

The programme will launch in the new year and run in three phases: first, hackers will conduct virtual assessments on a number of external DHS systems; second, a live, in-person hacking event; last, DHS identify and review lessons learned, and plan for future bug-bounty initiatives. Hackers will have to work within pre-defined rules of engagement, and DHS says the initiative will “leverage a platform created by the Department’s Cybersecurity and Infrastructure Agency“. Hackers participating will have to apply in advance and be vetted.

As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” Alejandro N Mayorkas, DHS Secretary, explained in a statement announcing the programme.  “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity.”

This is not the first bug bounty programme to be conducted by the US government. In 2016, DoD launched Hack the Pentagon, which, in its initial pilot, saw over 1400 hackers participating and uncovered 138 previously unknown vulnerabilities, which the department’s Defense Media Activity was able to remediate. The programme has continued, was rebranded as the DoD’s Vulnerability Disclosure Program, and in May this year was extended to cover all publicly-accessible defence information systems. In a release published to announce this expansion, the DoD said that, since 2016, more than 29,000 vulnerability reports have been submitted, over 70% of which were determined to be valid. The expansion of the programme is expected to see these numbers “drastically increase, due to the security researcher community discovering vulnerabilities that were previously unreportable,” according to the release.

Secretary Mayorkas (r) during a tour of the Los Angeles Cyber Command Center in June. (Photo: U.S. Department of Homeland Security)

Related Posts

Publish date

12/21/2021

Sign up to our newsletter and stay up to date.

News

Air

C4ISR

Components / Systems

Cyber

Defence Business

Homeland Security

International Security

Land

Latin America (Spanish)

Logistics

Naval

Training & Simulation

Space

Special Forces

Unmanned

Publications

Contact Us

Contact Info

Mönch Verlagsgesellschaft mbH
Christine-Demmer-Straße 7
53474 Bad Neuenahr – Ahrweiler

+49 2641 3703 – 0

+49 2641 3703 - 199

Follow On

X