President Trump has signed two new laws intended to strengthen the Department of Homeland Security’s (DHS’s) cyber defenses. The two bills—the Hack DHS Act and the Public-Private Cybersecurity Cooperation Act—were the result of bipartisan efforts from Senators Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio).
First, the Hack DHS Act is designed to identify cyber vulnerabilities in DHS networks by relying on ethical, or “white-hat,” hackers who are encouraged to try to break into DHS systems. Under the law’s bug-bounty program, the hackers will receive a small monetary award for every vulnerability identified. Hackers who participate in the program are required to submit to a background check and abide by a set of strict, predetermined rules. “Our bipartisan Hack DHS Act will help bolster cybersecurity by harnessing the skills and talent of ethical hackers across the country to help identify vulnerabilities in the Department of Homeland Security’s systems,” Senator Hassan said. The law is modeled after programs already in place at the Department of Defense and in many private technology companies.
The second new law, the Public-Private Cybersecurity Cooperation Act, works in conjunction with the Hack DHS Act by requiring DHS to establish a cyber-vulnerability disclosure program. “At a time when cyber threats are on the rise, the United States government must protect itself. Doing so involves drawing upon the vast expertise of hackers and security experts in our country to identify vulnerabilities and report them to the people in a position to fix those flaws in our system,” said Senator Portman.
In addition to these two new laws, Senators Hassan and Portman have also introduced a bill, the DHS Cyber Incident Response Teams Act, that would codify the use of cyber incident response teams at the DHS.