In a statement, the U.S. Department of Homeland Security (DHS) announced the launch of “Hack DHS”, a new vulnerability bounty program that will allow the ethical hacking community to discover and report security flaws in external systems used by the agency.
The statement, signed by Secretary Alejandro N. Mayorkas, mentions: “As government quarterback on cybersecurity issues, DHS must lead by example and seek the constant strengthening of its own systems. This program incentivizes the most qualified hackers to detect vulnerabilities before they can be exploited by threat actors.”
Hack DHS will officially start in 2022 and will take place in three different phases: during the first phase, experts will remotely analyze the systems used by DHS for security flaws; the second stage involves a live hacking event; the final stage will consist of the evaluation of results and planning of new security measures.
The program also involves the use of a platform created by the Cybersecurity and Infrastructure Security Agency (CISA) under the supervision of the DHS Office of the Chief Information Officer. This platform will also calculate the rewards given to researchers, which will range from $500 USD to $5,000 for each reported flaw, according to its severity.
The discovered flaws will be reported to the owners and developers of the analyzed systems and to DHS; reports should include a technical description of the vulnerability, a method of exploitation and the possible consequences of a successful attack.
This is not the only government initiative of its kind, as previously both the federal government and the U.S. Army implemented ambitious cybersecurity programs such as Hack the Pentagon and Hack the Army: “Hack DHS is based on best practices gained from previous initiatives and widely implemented in the private sector, so we expect the best possible results,” concludes DHS.