DHS will invite security researchers to test their systems and identify cybersecurity vulnerabilities. In return, DHS will hand off a potential bug bounty at times of a viable vulnerability. Unlike other programs, however, DHS plans to let only vetted cybersecurity experts access to “select external DHS systems”. The Defense Agency’s security aide said that “The Hack DHS program encourages highly skilled hackers to find vulnerabilities in our systems before they can be exploited.” DHS wants to maintain the strict control over the Hack DHS program. It’s going to be rolled out in three phases. In the first phase of this phase, the hackers perform virtual assessments on certain external systems. Phase II is a live hacking event, Phase three is a check and the evaluation phase is an ongoing bug hunt for DHS. According to The Record, in regard to the rewards, $500 and $5 will be awarded to each vulnerable. Why does DHS take this approach? It’s likely because there is a long-term goal of developing a model that can be used by other organizations across the federal level to build their cybersecurity resilience.” It isn’t the first time such a program has been run, at the time of the 2012 DoD-launch, which led to more than 250 hackers breaking the passwords of 138 vulnerable individuals.
