The Department of Homeland Security has announced the launch of "Hack DHS," a new bug bounty program designed to identify potential security vulnerabilities in certain DHS systems.
Vetted security researchers who have been invited to the program will be able to access "select external DHS systems" to identify flaws that attackers might exploit. Hackers will be rewarded for the bugs they find; however, the DHS has not shared any details about their compensation.
Hack DHS will take place in three phases during the 2022 fiscal year, with the goal of creating a model that organizations across government can use to improve their security posture. In the first phase, participants will conduct virtual assessments of certain DHS external systems; in the second, they will join a live, in-person hacking event. During the third phase, DHS will review lessons learned and plan for future bug bounties, officials explained in a news release.
The program will use a platform built by CISA and be monitored by the DHS Office of the Chief Information Officer. Hackers will report their findings to DHS system owners and leadership, with details including what the bug is, how they exploited it, and how attackers might use it to access information.
Read the full release from the DHS for more details.