The House and Senate on Wednesday unanimously passed a legislative vehicle containing several bipartisan bills dealing with cyber security, including one establishing a bug bounty program at the Department of Homeland Security and another to mitigate cyber threats to the federal government’s supply chains for information and communications technology.
The SECURE Technology Act (H.R. 7327) includes the Hack the Department of Homeland Security Act of 2018 (S. 1281) and creates a white-hat or ethical hacker program modeled after one in the Defense Department to identify vulnerabilities in DHS networks and information technology systems.
The Federal Acquisition Supply Chain Security Act of 2018 (S. 3085) would create a federal council to assess national security threats to the federal supply chain for information technology. The council will also provide guidance to agencies to help them understand the risks to their supply chains when making procurement decisions.
Also included in the package is the Public-Private Cybersecurity Cooperation Act (H.R. 6735), which would allow private citizens that discover and disclose vulnerabilities in DHS information systems to do so legally. The act also requires DHS to create a vulnerability disclosure policy to enable these ethical hackers.
The legislative package must be signed by President Trump to become law.