The Pentagon is about to pay hackers to break into government security systems.
The U.S. Department of Defense (DoD) announced yesterday (March 2) that it plans to launch the first "cyber bug bounty program" in the history of the federal government.
The so-called Hack the Pentagon program, which is slated to begin in April, will allow vetted hackers to find weaknesses in the department's public websites, applications and security systems, according to defense officials. Participants could win money and recognition for their work, they added.
Bug bounty programs and hackathons are common in private industry. Google, Facebook and Microsoft already use them to expose gaps in their own software. Additionally, these programs can help prevent disruptions in service and reduce the impact of cyberattacks on companies and government agencies, according to cybersecurity experts.
"Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country," Chris Lynch, director of the DoD's Defense Digital Service, said in a statement.
Participants in the government's Hack the Pentagon program will be required to register and submit to a background check. Once vetted, these hackers will participate in a controlled, limited-duration program that will allow them to identify holes in a predetermined network system, according to the Department of Defense. Other networks, including the department’s critical, mission-facing systems, will not be part of the bug bounty pilot program, defense officials said.
The new initiative follows the administration’s Cybersecurity National Action Plan, announced on Feb. 9, which prioritizes near-term actions to improve cyberdefenses and lists a long-term strategy to enhance cybersecurity across all branches of the U.S. government.
"I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security," Secretary of Defense Ash Carter said in a statement.
More information about the Hack the Pentagon program can be found on the Department of Defense's website. Details on the requirements for participation and other ground rules will be available in the coming weeks.