DoD ‘Hack the Pentagon’ competition

Daily News Article   —   Posted on March 4, 2016

(by James Rogers, Fox News) – The Department of Defense is inviting vetted hackers to test its cybersecurity as part of a unique “Hack the Pentagon” competition. [The screened high-tech specialists will be brought in to try to breach the Defense Department’s public Internet pages in a pilot program aimed at finding and fixing cybersecurity vulnerabilities.]

Although similar “cyber bug bounty” initiatives have been used in the corporate sector, this is the first in the history of the federal government.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter, in a statement announcing the competition Wednesday.  “Inviting responsible hackers to test our cybersecurity certainly meets that test.  I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.” 

[Speaking at a tech industry event in San Francisco, Carter said the idea came from Silicon Valley, where tech companies offer financial rewards or bounties for finding vulnerabilities.

“We’re trying to adopt what is a best practice,” he said. “It’s a way of crowdsourcing the expertise and having access to good people. … You’d much rather find the vulnerabilities in your networks in that way” – rather than wait for malicious hackers to steal information or compromise a system.]

As part of the pilot program, which starts next month, the Defense Department will let qualified participants search for vulnerabilities in its public webpages. The vetted hackers will take part in a “controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system,” according to the department. Critical Pentagon systems, however, will not be part of the initiative. [The pilot program will involve public networks or websites that do not have any sensitive information or personal employee data on them.]

People taking part in the competition could be eligible for financial rewards and other unspecified recognition, according to the Department of Defense. [It is being called a “bounty” program and Carter said the hackers would get some kind of reward, beyond the distinction of having breached the world’s greatest military’s systems. But he didn’t provide details.]

Tod Beardsley, security research manager at cybersecurity specialist Rapid 7, welcomed the Pentagon plan. “The acknowledgement from the Pentagon that open and free security assessments on its websites are valuable, and even encouraged, is a huge step forward for the DoD and the U.S. government,” he told FoxNews.com, via email. “The terms are a little more restrictive than many similar programs, but this positive sentiment is a huge win for modern security research and security researchers of all stripes.”

“Hack the Pentagon” is led by the department’s Defense Digital Service, which was launched last year. More details on the competition will be announced during the coming weeks, according to the Defense Department.

Defense Department systems get probed and attacked millions of times a day, officials say. Last year the Department of Defense suffered a cybersecurity breach after Russian hackers infiltrated an unclassified defense computer network.

The Associated Press contributed to this report. Reprinted here for educational purposes only. May not be reproduced on other websites without permission from Fox News. 


Questions

1. Match the following words from the article with their definition. (Write the word in the blank next to its definition):

hacker -- crowdsourcing -- pilot program -- vet -- breach -- vulnerability -- cyber security -- expertise

a) _______________ small-scale, short-term experiment that helps an organization learn how a large-scale project might work in practice

b) _______________ measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack

c) _______________ an occurrence in which someone is able to get into a place that is guarded or is able to get secret information

d) _______________ investigate (someone) thoroughly, especially in order to ensure that they are suitable for a job requiring secrecy, loyalty, or trustworthiness

e) _______________ degree to which (someone) or something is susceptible to harm

f) _______________ obtain (information or input into a particular task or project) by enlisting the services of a number of people, either paid or unpaid, typically via the Internet

g) _______________ expert skill or knowledge in a particular field

h) _______________ a person who uses computers to gain unauthorized access to data; a person who illegally gains access to and sometimes tampers with information in a computer system

2. The first paragraph of a news article should answer the questions who, what, where and when. List the who, what, where and when of this news item. (NOTE: The remainder of a news article provides details on the why and/or how.)

3. What is the significance of this DoD program?

4. a) How does Secretary of Defense Ash Carter describe the program?
b) What outcome would he like to see? (What is the aim of the Hack the Pentagon program?)

5. a) What will the vetted hackers do?
b) What will they receive for their efforts?

6. Why is Secretary Carter initiating this program?

7. What drawbacks could there possibly be to this program? Explain your answer.