Pentagon to Reward Hackers Who Find Security Problems on Its Websites
“Hack The Pentagon”, an initiative by the federal government, is the first cyber bug bounty program launched to identify cyber security weaknesses. U.S. Defense officials are inviting hackers to attack the Pentagon.
Participants need to register to take part in the program and must be U.S. citizens. The application page says, “If you have information related to security vulnerabilities in the online services listed in scope below, we want to hear from you.” U.S. officials have stressed that the program will not include any sensitive “mission-facing” computer systems. Further, all hackers must undergo a background check and meet other qualifications.
The program, which began on Monday, currently has more than 500 people enrolled and will run through May 12. During this period, hackers are welcome to attack selected Department of Defense (“DoD”) public websites in order to test the strength of its cyber defences. If hackers discover any major flaws, it could yield huge paydays.
Chris Woodward, an account technician at Cards Technology, says it’s an approach that many big companies have used before.
“I know Microsoft, Google, Yahoo and Apple have all done this in the past,” Woodward explains. “I don’t think their rewards or pots for whoever wins are as big, but it’s definitely a common thing.”
The payout for hackers able to find what the U.S. Department of Defense calls “vulnerabilities” is 150,000 dollars.
There are nearly 500 web pages monitored by the DoD, according to the list on the Defense Department’s website.
Woodward says it’s carried out through a process called penetration testing.
“When you build something and make it secure from a group of minds, it’s nice to have outside source come in…see if they can’t break through it,” he explains. “If they can, you get to learn what their holes are, patch them up, be stronger from it.”
Robert Siciliano, an online safety expert at Intel Security, told ABC News that this approach, which has long been utilized by many corporations, was “better late than never.”
“This is a humbling gesture for the federal government and it is without a doubt, the single most proactive way the government is utilizing the brilliance of the crowd to protect our nation’s infrastructure,” Siciliano said.
The group will “participate in a controlled, limited duration program,” and will not be working with the Pentagon’s most top secret systems, according to a news release.
The initiative is being led by the department’s Defense Digital Service. That team, launched by Secretary of Defense Ash Carter, consists of engineers and data experts.
“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Carter in a statement. “Inviting responsible hackers to test our cybersecurity certainly meets that test. Any chance we have to find out our own vulnerabilities first and get them patched up before somebody has that opportunity who’s not going to be up to any good, it’s always a benefit. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”