The Pentagon wants hackers to put its websites’ cyber defenses to the test with its own bug bounty-style “Hack the Pentagon” program. Vetted hackers will be invited to test the security of the Department of Defense website. The program, set up by the Pentagon’s Defense Digital Service (DDS), is focused on the public-facing sites and, at least for now, won’t include the testing of more private systems and networks that may contain sensitive data or details on weapons.
Bug bounty programs are pretty common. They’re used by companies like Google and Facebook as well as startups to encourage white hat hackers to privately disclose vulnerabilities they find in their sites and services in return for a reward, usually cash. Hack the Pentagon, which launches in April, is the first such program designed by the federal government and is modeled on these traditional bug bounty schemes. The details of the program are still being finalized and the prizes “could involve monetary awards,” reports Reuters, but this has yet to be confirmed.
Previously, the Pentagon conducted such tests internally, but the Department of Defense says it is expecting thousands of applicants. White hat hackers who are interested must be U.S. citizens and pass a background check before they can start testing the sites.
“I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security,” said Defense Secretary Ashton Carter. “Bringing in the best talent, technology and processes from the private sector … helps us deliver comprehensive, more secure solutions to the DOD,” said Chris Lynch, head of DDS.
The Pentagon and several government departments are probably having a serious rethink of their cyber defense strategy following a pretty rocky couple of years that saw the Office of Personnel Management hacked, and most recently, the IRS breached by a cyberattack.