The US Department of Homeland Security (DHS) has announced that it is offering up to $5,000 in bug bounties under a new program called Hack DHS. Screened security researchers invited by the agency will have access to specific external DHS systems to identify vulnerabilities that could be exploited by malicious actors. Payments range from $500 to $5,000 depending on the severity of the vulnerability.
“As the federal government’s cybersecurity officer, the Department of Homeland Security must lead by example and continually strive to strengthen the security of our systems,” Homeland Security Secretary Alejandro Mayorkas said. Hack DHS motivates highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.
The program will be rolled out in three phases, with hackers first performing virtual assessments of the systems. This will be followed by a live, in-person hacking event in Phase Two, and in Phase Three, DHS will “identify and review lessons learned, and plan rewards for future mistakes.”
The program will use a platform developed by the Cybersecurity and Infrastructure Security Agency (CISA) and monitored by the DHS Office of the Chief Information Officer. That office will verify any reported bugs within 48 hours and either fix them or make a plan to do so within 15 days.
Private industry generally offers much higher bug bounties, with companies like Microsoft and Apple offering payouts of up to $1 million. However, Hack DHS is not an open bounty program, so it is limited to a smaller group of researchers.
The Department of Homeland Security said attacks against it quadrupled in 2021 but that some of the most dangerous groups have slowed. “Some of the key players we haven’t seen as active as before,” Mayorkas said at the Bloomberg Technology Summit. “It doesn’t mean they went too far, that we beat them. They may have hit the pause button. The vigilance must remain at an incredibly high level.”