DHS Announces “Hack DHS” Bug Bounty Program to Combat Cybersecurity Fraud
DHS announced its new “Hack DHS” program. This is a bug bounty program to help identify cybersecurity vulnerabilities within DHS systems and increase the resilience of the department’s cybersecurity.
Through Hack DHS, vetted cybersecurity researchers who have been invited to access select external DHS systems (“hackers”) will identify vulnerabilities (“bugs”) that could be exploited by bad actors so they can be patched. These hackers will be rewarded with payments (“bounties”) for the bugs they identify.
Hack DHS will occur in three phases throughout Fiscal Year 2022, with the goal of developing a model that can be used by other organizations across every level of government to increase their own cybersecurity resilience. During phase one, hackers will conduct virtual assessments on certain DHS external systems. During the second phase, hackers will participate in a live, in-person hacking event. During the third and final phase, DHS will identify and review lessons learned, and plan for future bug bounties.