Pentagon Invites Hackers to Hack the Department With Bug Bounty Program

Starting next month, the Pentagon will launch the United States government’s first ever bug bounty program to encourage hackers to break into its websites in exchange for cash.

Although details of the bounty itself haven’t been revealed just yet, the Pentagon confirmed that it will use “commercial sector crowdsourcing” bug bounty programs like HackerOne or BugCrowd to begin with. In other words, the bounty program will be open to a certain caliber of “qualified” hackers who pass background checks.

Furthermore, the program will be restricted in scope: hackers will be welcome to target certain defined assets, not mission-critical systems.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter in a press release. “Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”

The new initiative is a part of the Obama administration’s comprehensive Cyber National Action Plan announced on Feb 9. The overall objective is to prioritize near-term actions to improve the country’s cyber defenses and to codify a long-term strategy to enhance cybersecurity across all forms of the United States government.

The “Hack the Pentagon” initiative is being put together by the Department of Defense’s Defense Digital Service (DDS), launched by Secretary of Defense Carter last November. As an arm of the White House’s dynamic roster of technology experts at the United States Digital Service, it includes a small team of data experts and engineers working toward improving the department’s technological agility and capabilities.

DDS Director and technology entrepreneur Chris Lynch stated:

Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the Department of Defense (DoD), but it also helps us better protect our country.

The pilot bug bounty program will be the first in a series of several programs designed to look for vulnerabilities in the department’s websites, applications, and networks.

The pilot program will launch in April and the DoD will provide more details on requirements for participation, bounties and ground rules in the coming weeks of March.
