The Department of Defense has announced that it will invite hackers to test the cybersecurity infrastructure of the Pentagon in a bug bounty program – the first ever in the history of the federal government.
A pilot program by the Department of Defense will see ‘vetted’ hackers test their hacking prowess on the department’s public webpages to look for vulnerabilities. The bug bounty program will use commercial sector crowdsourcing platforms for the endeavor, according to a press release by the Department of Defense.
Participants in the bug bounty program will have to be registered and willingly submit to a background check prior to taking any part in the program. After gaining approval, the bug bounty program will see the vetted white hat hackers look for vulnerabilities on a “predetermined department system” in a controlled environment. Fundamentally, the department’s crucial, mission-ready systems will not be under the purview of the bug bounty program.
In a statement, Secretary of Defense Ash Carter claimed:
I am always challenging our people to think outside the five-sided box that is the Pentagon. Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.
Although details are currently scarce, participants in the bug bounty program “could” be eligible for monetary rewards and other recognition, the release revealed.
Aptly named “Hack the Pentagon”, the initiative is put together by the department’s Defense Digital Service (DDS), the new arm of the US Digital Service launched in November 2015. The team is equipped with a small group of engineers and data experts tasked with the duty to improve the department’s technological agility.
DDS Director and tech entrepreneur Chris Lynch added:
Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country.
The ground rules for the bug bounty program will be revealed in the coming weeks in March while the pilot program will see its launch next month in April.