The Homeland Security Department may not wait for a legislative push before starting a bug bounty program, Secretary John Kelly told lawmakers Tuesday. Bug bounties are cash rewards organizations offer to ethical hackers who spot exploitable flaws in their systems. They’re common at major tech companies and have been done in pilot form at the Defense Department and several of the military services.
…
During Tuesday’s hearing, Kelly also told lawmakers he may reconsider a decision made late in the Obama administration to designate state and local election systems as critical infrastructure. Critical infrastructure is an official DHS designation that makes it easier for the department to provide resources and other aid. Kelly signaled early in his term he supported the designation.
He may reconsider the designation, though, in light of “a large amount of pushback” from state-level officials and some members of Congress, he said. State officials consider the designation a federal power grab and worry it could undermine the nonpartisan image of election contests. The National Association of Secretaries of State called on DHS to rescind the designation in February.
Kelly will meet soon with state-level homeland security officials and plans to discuss the designation, he said. “I will put that question to them: Should we back off on that?” he said. “I don’t believe we should, but should we back off? Do you see us as partners and helpers in this … to help you make sure your systems are protected?”
Former DHS Secretary Jeh Johnson made the designation after hackers linked to Russian intelligence services allegedly probed state voting systems without penetrating them.
The designation was made around the same time then-President Barack Obama imposed additional sanctions on Russia and expelled 35 Russian diplomats for an influence operation aimed at disrupting the 2016 presidential election. That influence operation included data breaches at Democratic political organizations.