The US using hackers to their advantage


The Department of Homeland Security (DHS) is launching a new “bug bounty” program to help it identify cyber security vulnerabilities in its systems. It is offering specifically selected hackers thousands of dollars to help identify potential risks; the hackers who identify the most serious bugs will receive the highest bounties. The amount earned will vary between $500 and $5,000 depending on the severity of the vulnerability and the impact of the restoration.

The announcement of this new program came shortly after cyber officials in the Biden administration cautioned that threat actors were taking advantage of a new software-related vulnerability. The vulnerability lies in a piece of Java-based software known as "Log4j" that many of the world's biggest tech firms use to configure their applications. The program incentivises highly skilled hackers to identify cyber security weaknesses in government systems before cybercriminals can exploit them.

The program is set to commence throughout 2022 and will consist of three stages. During the first stage, hackers will complete a virtual assessment of certain external DHS systems. Second, they will take part in a live, in-person hacking event. Third and last, the DHS will review the information gathered and plan for future bug bounties.

The DHS ran a pilot bug bounty program back in 2019, which stemmed from legislation that allowed it to compensate hackers for evaluating its systems. It built on similar efforts, such as the Department of Defense’s “Hack the Pentagon” program.

Government departments have armies of cyber experts trying to outsmart threat actors, but even with teams as resourceful and intelligent as those at the DHS, the collective creativity of white hat hackers could help the DHS level the playing field against its adversaries.

The Department of Homeland Security plans to verify any identified vulnerabilities within two days and either remediate the risks or develop a strategy to remediate them within two weeks.
