Should the Treasury Have a “Bug Bounty” Program to Expose & Fix Vulnerabilities in its Computer Systems? (H.R. 3868)
What is H.R. 3868?
(Updated October 5, 2018)
This bill would establish a “bug bounty” pilot program within the Treasury Department in which vetted computer professionals could apply to “hack” and try to penetrate weaknesses in the Treasury’s servers in exchange for a cash payment. Participants would be chosen through an application process and subjected to a background check, and would be protected from prosecution for carrying out authorized activities in the bug bounty program. A total of $100,000 would be authorized for fiscal year 2019 to carry out the program.
The Secretary of the Treasury would be required to designate mission-critical operations that should be excluded from the bug bounty program, and to develop the program in consultation with the Dept. of Defense offices that put together the “Hack the Pentagon” program in 2016.
The program would be established within 180 days of the bill’s enactment, and 90 days after the bug bounty program is completed, the Treasury would have to submit a report on its effectiveness to relevant congressional committees.
Argument in favor
A bug bounty program would be an effective, secure way to test the vulnerabilities in the Treasury Department’s information systems to ensure taxpayer information is protected.
Argument opposed
A bug bounty program could expose weaknesses in the Treasury Department’s information systems that aren’t fixed, allowing them to be exploited by real hackers.
Impact
Participants in the bug bounty program; congressional committees; relevant federal agencies; and the Treasury Department.
Cost of H.R. 3868
A CBO cost estimate is unavailable.
Additional Info
In-Depth: Sponsoring Rep. Ted Budd (R-NC) introduced this bill to improve the security of Americans’ financial information by implementing a “bug bounty” program at the Treasury Department in which vetted computer professionals would try to expose vulnerabilities in its information systems:
“Major incidents of hacking in the private sector continue to underscore the need for strong data security. Americans are required to turn over a host of financial information to the Treasury Department, and accordingly, we should be doing what we can to make sure that this information is as secure as possible. This legislation would financially reward those who discover and report issues with the Treasury Department’s servers. Federal computer systems are prime targets for hackers, and harnessing the power of the private sector to find and eliminate vulnerabilities before hackers strike is an important tool in the toolkit for increased data security. My bill is a step in the right direction by helping expose problems and allowing us time to find solutions before the unthinkable happens.”
Summary by Eric Revell
(Photo Credit: xijian / iStock)