The Department of Homeland Security (DHS), USA, announced their bug bounty program called Hack DHS, which will pay cybersecurity researchers between $500 to $5000 to identify vulnerabilities within the DHS systems.
Homeland Security has invited people to access selected external DHS systems and discover vulnerabilities that could be exploited so that they can be patched.
Hack DHS is scheduled to be carried out in three phases between April 2022 and March 2023. The DHS believes this program would not only build their system’s resilience against cyberattacks but will also be a model for other government organizations to mitigate their vulnerabilities.
Phase 1 will allow hackers to conduct virtual assessments of selected DHS external systems. Phase 2 will allow the hackers to participate in an in-person hacking event, and phase 3 will be used by the DHS to review their bug bounty program and plan for future programs.
“The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity,” said Secretary Alejandro N. Mayorkas.
The Cybersecurity and Infrastructure Agency (CISA) has created the platform for Hack DHS.
The most severe bugs will get the highest rewards. Hackers will have to disclose the vulnerability, how they exploited it and the information accessed.