DHS Offering Bounty for Uncovering Cyber Vulnerabilities


Department of Homeland Security Secretary Alejandro Mayorkas unveiled a “bug bounty” program for his agency — aimed at paying outside hackers to find vulnerabilities in the DHS computer system.

Mayorkas announced the program at the Bloomberg Technology Summit on Tuesday.

According to a tweet from Jeff Seldin, national security correspondent for the Voice of America, Mayorkas said the government will pay between $500 and $5,000 “depending on the gravity of the vulnerability.”

The range puts DHS at the lower end for payouts when compared to large tech companies, Bloomberg said.

By comparison, Google said it paid out $6.7 million in bug bounties in 2020. The highest single amount paid was $132,500.

Mayorkas said: “We’re really investing a great deal of money as well as attention and focus on this program.”

Bloomberg reported that many bug bounties are open to anyone. However, DHS said in a statement that its program would include only “vetted cybersecurity researchers who have been invited to access select external DHS systems.”

“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” Mayorkas said. “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.”

DHS intends to verify any reported vulnerabilities within 48 hours and either remediate or develop a plan to remediate them within 15 days, Mayorkas said.

Mayorkas said his department reported a quadrupling of ransomware attacks in early 2021. But prolific hacking groups are remaining quiet for the time being.

“Some of the major players we haven’t seen as active as previously,” Mayorkas said. “That doesn’t mean that they’ve gone away, that we’ve defeated them. They very well might have hit the pause button. Vigilance has to remain at an incredibly high level.”