By a vote of 377-3, the House passed the Hack Your State Department Act late Tuesday evening. Sponsored by Reps. Ted Lieu, D-Calif., and Ted Yoho, R-Fla., the bill requires the State Department to implement a Vulnerability Disclosure Process to improve cybersecurity within six months. State will report to Congress on the status of the process six months after the process is set up.
The State Department will be essentially encouraging white-hat hackers to assist the agency with identifying critical vulnerabilities. The process will require “identifying which information technology should be included, providing a readily available means of discovered security vulnerabilities, and identifying the offices and position that will be responsible for addressing security vulnerability disclosures.”
“This legislation focuses on the State Department and it’s something that we need to do because we know that the State Department, over the years, has faced mounting cybersecurity threats from both criminal enterprises and state-sponsored hackers,” Rep. Lieu said on the House floor.
The bill also gives the State Department a year to develop and test a bug-bounty pilot program where researchers can receive “bounties,” or monetary rewards, for reporting digital flaws within the department.
The bill moves on to the Senate where it’s fate is still yet to be decided, as there is no companion bill.