Why does the US military need a cyber response team for its grocery stores?
After last year hackers infiltrated the computer system of the Pentagon’s food court and compromised the bank data of an unknown number of employees, the Pentagon recently announced that military base grocery stores are susceptible to hacking. The Defense Commissary Agency is now hiring “computer incident response services.”
The Defense Commissary Agency, which operates a worldwide chain of commissaries providing groceries to military personnel, retirees and their families in a safe and secure shopping environment, is currently in the process of employing “computer incident response services” for its shops. The agency, also know as DeCA, “is subject to computer security incidents,” according to Defense Department contracting documents. As a result, the commissary needs emergency support for five years and will pay employees for expenses such as materials and time, as well as an extra $75,000 for every breach for overtime work.
Why do military grocery stores need computer incident response services?
According to the statement, “a computer security incident can involve a real or suspected breach or the act of willfully causing a vulnerability or breach. Typical incidents include the introduction of viruses or worms in a network, DoS (denial of service) attacks, unauthorized alteration of software or hardware, and identity theft of individuals or institutions.” The computer incident response services are meant to prioritize computer issues should an actual or suspected attack “affect the DOD or DeCA mission.” Incidents involving website defacements or payment cards represent some of the “Priority One” issues, which demand availability within one hour.
The supermarket security contractors must be U.S. citizens, go through a background investigation and sign a nondisclosure agreement to handle sensitive personal and technical information. The purpose of defense commissaries is to help people serving in the armed forces save money.
‘Hack the Pentagon’ bug bounty program
As previously reported by jaxenter.com, the U.S. Government is launching its first bug bounty program dubbed “Hack the Pentagon.” The Hack the Pentagon Bug Bounty Pilot will begin on Monday, April 18, 2016 and end on Thursday, May 12, 2016. The U.S. Department of Defense is partnering with HackerOne, a Bug Bounty-as-a-service company based in Silicon Valley, to run the Hack the Pentagon pilot over the next few weeks.
Under the pilot program “Hack the Pentagon,” the U.S. Department of Defense allows qualified participants to identify vulnerabilities on the Department’s public web pages. According to Ash Carter, U.S. Secretary of Defense, “the bug bounty is modeled after similar competitions conducted by some of the nation’s biggest companies -Microsoft, Google, and Facebook- to improve the security and delivery of networks, products, and digital services.” The pilot marks the first in a series of programs designed to test and find vulnerabilities in the department’s applications, websites, and networks.