You’re Invited: Hack the Pentagon
What’s the best way to discover weaknesses in your computer network? Pay experts to hack it.
The Pentagon is inviting outside hackers to test the security of U.S. Defense Department websites in a pilot program they’re calling “Hack the Pentagon” set to begin in April.
Led by the Pentagon’s Defense Digital Service, the project is modeled after similar competitions known as “bug bounties,” conducted by large corporations like Facebook, United Airlines and Microsoft, but this is a first for the federal government.
The Pentagon will use crowdsourcing to find qualified, vetted hackers who will identify vulnerabilities to help the Department of Homeland Security shore up its security and improve delivery of networks, products, and digital services, according to a statement released by The Pentagon Wednesday.
"I am always challenging our people to think outside the five-sided box that is the Pentagon," Defense Secretary Ashton B. Carter said in the statement. "Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security."
Reuters reports that DJ Patil, the White House's chief data scientist and former LinkedIn executive, said other federal agencies were watching the Pentagon project and could follow suit, which would further enhance collaboration and result in greater economies of scale.
The Pentagon has been on high alert after it was the victim of recent high profile attacks. Last year, hackers thought to be based out of Russia broke into the unclassified email systems of the Joint Chiefs of Staff.
Currently, the department relies on dedicated hackers called at the National Security Agency (NSA) called “red teams” to probe its defenses, but opening up the process to outside researchers and experts should bring a broader set of perspectives.
Rock Stevens, an Army captain currently on leave at the University of Maryland, said the department's systems are so large that insiders alone can't find all the problems.
"There's no way you're going to have dedicated teams doing this even 24/7 that are going to find every vulnerability," he told The Baltimore Sun.
While the exact details are yet to be finalized, the Pentagon said there may be a cash reward, or promise of public recognition.
By Brionne Griffin, FEDagent
Posted in General News