Summary: S.1281 — 115th Congress (2017-2018)

Bill summaries are authored by CRS.

Shown Here:
Passed Senate amended (04/17/2018)

Hack the Department of Homeland Security Act of 2017 or the Hack DHS Act

(Sec. 2) This bill directs the Department of Homeland Security (DHS) to establish, within the Office of the Chief Information Officer, a bug bounty pilot program to minimize vulnerabilities to DHS Internet-facing information technology.

A "bug bounty program" is a program under which an approved individual, organization, or company is temporarily authorized to identify and report vulnerabilities of Internet-facing information technology of DHS in exchange for compensation.

Under such program, DHS shall:

  • provide compensation for reports of previously unidentified security vulnerabilities within the websites, applications, and other DHS Internet-facing information technology that are accessible to the public;
  • award a competitive contract to manage the pilot program and for executing the remediation of vulnerabilities identified by the program;
  • designate mission-critical operations within DHS that should be excluded from the pilot program;
  • consult with the Department of Justice on how to protect from prosecution approved individuals or entities who comply with the requirements of the program;
  • develop an expeditious process for registration, background checks, and eligibility determinations for participation in the pilot program; and
  • engage interested persons about the structure of the program.

DHS must report to Congress on the program within 180 days of its completion.