Two congressmen have introduced a bill that would create a bug bounty program to challenge ethical hackers to find cyber weaknesses in the State Department.
Reps. Ted Lieu, D-Calif., and Ted Yoho, R-Fla., today introduced the Hack Your State Department Act. It is similar to other bug bounty programs, such as Hack the Pentagon and Hack the Air Force, that have already been set up by the federal government and proven quite successful.
“This program will rely on a bug bounty system where authorized hackers can enter a State Department system, identify and disclose weaknesses and receive compensation. Additionally, it will establish a Vulnerability Disclosure Program to field vulnerabilities reported by the general public,” Lieu and Yoho said in a statement.
“By capitalizing on the skills of some of the best minds in cybersecurity, as well as the general public, we'll be able to make sure the State Department is able to safely and securely continue its mission as America's voice abroad,” Lieu said.
If adopted, the bill would require the Secretary of State to create and implement the Vulnerability Disclosure Program (VDP) within 180 days of the date it was passed.
The VDP would be tasked with “providing security researchers with clear guidelines for conducting vulnerability discovery activities directed at Department information technology; and submitting discovered security vulnerabilities to the Department; and creating Department procedures and infrastructure to receive and fix discovered vulnerabilities,” according to the bill.
“It is vital that we do all we can to find the weak links in our government systems and fix them as fast as possible. Hack the State Department enables us to effectively identify our vulnerabilities and use the brightest cybersecurity minds to strengthen our defenses,” Yoho said.