Ask AI
Bill115th CongressFiled May 25, 2017Government Operations and Politics
S. 1281

Hack the Department of Homeland Security Act of 2018

Bill journey · stage 2 of 5

Under committee review

Filed
Comm.
Floor
Both
Law

What it doesSummary passed senate amended (Apr 17, 2018)

Hack the Department of Homeland Security Act of 2017 or the Hack DHS Act

(Sec. 2) This bill directs the Department of Homeland Security (DHS) to establish, within the Office of the Chief Information Officer, a bug bounty pilot program to minimize vulnerabilities to DHS Internet-facing information technology.

A "bug bounty program" is a program under which an approved individual, organization, or company is temporarily authorized to identify and report vulnerabilities of Internet-facing information technology of DHS in exchange for compensation.

Under such program, DHS shall:

  • provide compensation for reports of previously unidentified security vulnerabilities within the websites, applications, and other DHS Internet-facing information technology that are accessible to the public;
  • award a competitive contract tomanage the pilot program and for executing the remediation of vulnerabilities identified bythe program;
  • designate mission-critical operations within DHS that should be excluded from the pilot program;
  • consult with the Department of Justice on how to protect from prosecution approved individuals or entities who comply with the requirements of the program;
  • develop an expeditious process for registration, background checks, and eligibility determinations for participation in the pilot program; and
  • engage interested persons about the structure of the program.

DHS must report to Congress on the program within 180 days of its completion.

What just happenedSep 25, 2018

Placed on the Union Calendar, Calendar No. 752.

Who’s behind it

Sen. Hassan, Margaret Wood [D-NH](D-NH)Sponsor
4 cosponsors2 D2 R
Read on Congress.gov
4cosponsors2committees18actions1amendments2related bills5subjects
  1. Sep 25, 2018CalendarsH12410

    Placed on the Union Calendar, Calendar No. 752.

  2. Sep 25, 2018CommitteeH12200

    Reported (Amended) by the Committee on Homeland Security. H. Rept. 115-964.

    Homeland Security Committee
  3. Sep 25, 2018Committee5000

    Reported (Amended) by the Committee on Homeland Security. H. Rept. 115-964.

    Homeland Security Committee
  4. Sep 13, 2018Committee

    Ordered to be Reported (Amended) by Unanimous Consent.

    Homeland Security Committee
  5. Sep 13, 2018Committee

    Committee Consideration and Mark-up Session Held.

    Homeland Security Committee
  6. Apr 18, 2018IntroReferralH11100

    Referred to the House Committee on Homeland Security.

    Homeland Security Committee
  7. Apr 18, 2018FloorH14000

    Received in the House.

  8. Apr 18, 2018Floor

    Message on Senate action sent to the House.

  9. Apr 17, 2018Floor

    Passed Senate with an amendment by Voice Vote. (text as passed Senate: CR S2224)

  10. Apr 17, 2018Floor17000

    Passed/agreed to in Senate: Passed Senate with an amendment by Voice Vote.(text as passed Senate: CR S2224)

  11. Apr 17, 2018Floor

    The committee substitute as amended agreed to by Unanimous Consent. (text: CR S2224)

  12. Apr 17, 2018Floor

    Measure laid before Senate by unanimous consent. (consideration: CR S2223-2225)

  13. Feb 26, 2018Calendars

    Placed on Senate Legislative Calendar under General Orders. Calendar No. 335.

  14. Feb 26, 2018Committee

    Committee on Homeland Security and Governmental Affairs. Reported by Senator Johnson with an amendment in the nature of a substitute. With written report No. 115-209.

    Homeland Security and Governmental Affairs Committee
  15. Feb 26, 2018Committee14000

    Committee on Homeland Security and Governmental Affairs. Reported by Senator Johnson with an amendment in the nature of a substitute. With written report No. 115-209.

    Homeland Security and Governmental Affairs Committee
  16. Oct 4, 2017Committee

    Committee on Homeland Security and Governmental Affairs. Ordered to be reported with an amendment in the nature of a substitute favorably.

    Homeland Security and Governmental Affairs Committee
  17. May 25, 2017IntroReferral

    Read twice and referred to the Committee on Homeland Security and Governmental Affairs.

    Homeland Security and Governmental Affairs Committee
  18. May 25, 2017IntroReferral10000

    Introduced in Senate

Passed Senate amendedApr 17, 201835

Hack the Department of Homeland Security Act of 2017 or the Hack DHS Act

(Sec. 2) This bill directs the Department of Homeland Security (DHS) to establish, within the Office of the Chief Information Officer, a bug bounty pilot program to minimize vulnerabilities to DHS Internet-facing information technology.

A "bug bounty program" is a program under which an approved individual, organization, or company is temporarily authorized to identify and report vulnerabilities of Internet-facing information technology of DHS in exchange for compensation.

Under such program, DHS shall:

  • provide compensation for reports of previously unidentified security vulnerabilities within the websites, applications, and other DHS Internet-facing information technology that are accessible to the public;
  • award a competitive contract tomanage the pilot program and for executing the remediation of vulnerabilities identified bythe program;
  • designate mission-critical operations within DHS that should be excluded from the pilot program;
  • consult with the Department of Justice on how to protect from prosecution approved individuals or entities who comply with the requirements of the program;
  • develop an expeditious process for registration, background checks, and eligibility determinations for participation in the pilot program; and
  • engage interested persons about the structure of the program.

DHS must report to Congress on the program within 180 days of its completion.

Reported to Senate with amendment(s)Feb 26, 20181

Hack the Department of Homeland Security Act of 2017 or the Hack DHS Act

This bill directs the Department of Homeland Security (DHS) to establish, within the Office of the Chief Information Officer, a bug bounty pilot program to minimize vulnerabilities of DHS Internet-facing information technology.

A "bug bounty program" is a program under which an approved individual, organization, or company is temporarily authorized to identify and report vulnerabilities of DHS Internet-facing information technology in exchange for compensation.

Under such program, DHS shall:

  • provide compensation for reports of previously unidentified security vulnerabilities within the websites, applications, and other DHS Internet-facing information technology that are accessible to the public;
  • award a competitive contract to manage the pilot program and for executing the remediation of vulnerabilities identified by the program;
  • designate mission-critical operations within DHS that should be excluded from the pilot program;
  • consult with the Department of Justice on how to protect from prosecution approved individuals or entities who comply with the requirements of the program;
  • develop an expeditious process for registration, background checks, and eligibility determinations for participation in the pilot program; and
  • engage interested persons about the structure of the program.

DHS must report to Congress on the pilot program within 90 days of its completion.

Introduced in SenateMay 25, 2017

Hack the Department of Homeland Security Act of 2017 or the Hack DHS Act

This bill directs the Department of Homeland Security (DHS) to establish a bug bounty pilot program to minimize vulnerabilities to DHS information systems.

"Bug bounty program" is a program under which an approved computer security specialist or security researcher is temporarily authorized to identify and report vulnerabilities within DHS information systems in exchange for cash payment.

Under such program, DHS shall:

  • provide monetary compensation for reports of previously unidentified security vulnerabilities within the websites, applications, and other DHS information systems that are accessible to the public;
  • develop an expeditious process by which computer security researchers can register with DHS, submit to a background check, and receive a determination as to approval for program participation;
  • designate mission-critical operations within DHS that should be excluded;
  • consult with the Department of Justice on how to ensure that program participants are protected from prosecution for activities authorized under the program;
  • award competitive contracts to manage the program and for executing the remediation of identified vulnerabilities; and
  • engage interested persons, including commercial sector representatives, about the structure of the program.
Hack the Department of Homeland Security Act of 2018 — Informed