U.S. military invites vetted experts to “Hack the Pentagon” competition
The U.S. Department of Defense is inviting vetted hackers to “Hack the Pentagon” in an unprecedented effort to test its digital security in the first ever federal government bug bounty, U.S. Secretary of Defense Ash Carter announced in a Facebook post.
Under the pilot program “Hack the Pentagon,” the U.S. Department of Defense allows qualified participants to identify vulnerabilities on the Department’s public web pages. According to Ash Carter, U.S. Secretary of Defense, “the bug bounty is modeled after similar competitions conducted by some of the nation’s biggest companies -Microsoft, Google, and Facebook- to improve the security and delivery of networks, products, and digital services.” The pilot marks the first in a series of programs designed to test and find vulnerabilities in the department’s applications, websites, and networks.
“Hack the Pentagon” requirements
Participants in the “Hack the Pentagon” bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program, the U.S. Department of Defense announced. “Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system. Other networks, including the department’s critical, mission-facing systems will not be part of the bug bounty pilot program. Participants in the competition could be eligible for monetary awards and other recognition.”
Secretary Carter emphasized in the Facebook post that he is constantly challenging the U.S. Department of Defense to think outside the five-sided box that is the Pentagon and explained that this competition would strengthen the department’s digital defenses and ultimately boost the United States’ security.
“This project is a demonstration of my continued commitment to drive the Pentagon to identify new ways to improve DoD’s security measures as our interests in cyberspace evolve,” Secretary Carter wrote in the post. “Bringing in the best talent, technology, and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country.”
The initiative is being led by the Defense Digital Services (DDS) launched in November 2015 and will start in April. More details on requirements for participation and other ground rules will be announced in the coming weeks, including information about possible monetary awards and other recognition. Participants must be U.S. citizen.