DoD ‘Hack the Pentagon’ competition

Daily News Article   —   Posted on March 4, 2016

(by James Rogers, Fox News) – The Department of Defense is inviting vetted hackers to test its cybersecurity as part of a unique “Hack the Pentagon” competition. [The screened high-tech specialists will be brought in to try to breach the Defense Department’s public Internet pages in a pilot program aimed at finding and fixing cybersecurity vulnerabilities.]

Although similar “cyber bug bounty” initiatives have been used in the corporate sector, this is the first in the history of the federal government.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter, in a statement announcing the competition Wednesday.  “Inviting responsible hackers to test our cybersecurity certainly meets that test.  I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.” 

[Speaking at a tech industry event in San Francisco, Carter said the idea came from Silicon Valley, where tech companies offer financial rewards or bounties for finding vulnerabilities.

“We’re trying to adopt what is a best practice,” he said. “It’s a way of crowdsourcing the expertise and having access to good people. … You’d much rather find the vulnerabilities in your networks in that way” – rather than wait for malicious hackers to steal information or compromise a system.]

As part of the pilot program, which starts next month, the Defense Department will let qualified participants search for vulnerabilities in its public webpages. The vetted hackers will take part in a “controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system,” according to the department. Critical Pentagon systems, however, will not be part of the initiative. [The pilot program will involve public networks or websites that do not have any sensitive information or personal employee data on them.]

People taking part in the competition could be eligible for financial rewards and other unspecified recognition, according to the Department of Defense. [It is being called a “bounty” program and Carter said the hackers would get some kind of reward, beyond the distinction of having breached the world’s greatest military’s systems. But he didn’t provide details.]

Tod Beardsley, security research manager at cybersecurity specialist Rapid7, welcomed the Pentagon plan. “The acknowledgement from the Pentagon that open and free security assessments on its websites are valuable, and even encouraged, is a huge step forward for the DoD and the U.S. government,” he told, via email. “The terms are a little more restrictive than many similar programs, but this positive sentiment is a huge win for modern security research and security researchers of all stripes.”

“Hack the Pentagon” is led by the department’s Defense Digital Service, which was launched last year. More details on the competition will be announced during the coming weeks, according to the Defense Department.

Defense Department systems get probed and attacked millions of times a day, officials say. Last year the Department of Defense suffered a cybersecurity breach after Russian hackers infiltrated an unclassified defense computer network.

The Associated Press contributed to this report. Reprinted here for educational purposes only. May not be reproduced on other websites without permission from Fox News.