The US Department of Homeland Security is launching its own bug bounty program to help find and correct gaps in its systems.
The new “Hack DHS” program was made official by Homeland Security Secretary Alejandro Mayorkas in a press release on the agency’s website after it was revealed at the recent Bloomberg Technology Summit and covered by The Record. The program promises to pay out between $500 and $5,000 to “vetted cybersecurity researchers who have been invited to access select external DISH systems.” The actual payout will be based on the severity of the specific vulnerability discovered.
As noted by DHS, this new bounty program builds on similar private-sector efforts and “Hack the Pentagon,” a first-of-its-kind program launched in 2016 that was ultimately responsible for identifying over 100 vulnerabilities across various Defense Department assets. The DHS itself created a similar pilot program in 2019 on the back of a bipartisan bill. It followed related efforts from the Department of Defense, Air Force, and Army.
“The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors,” Mayorkas noted.
The effort will include three phases that will run