The Department of Defense announced on March 2 that it will invite vetted hackers to test the department’s cybersecurity under a unique pilot program. The “Hack the Pentagon” initiative is the first cyber bug bounty program in the history of the federal government.
Under the pilot program, the department will use commercial sector crowdsourcing to allow qualified participants to conduct vulnerability identification and analysis on the department’s public webpages. The bug bounty program is modeled after similar competitions conducted by some of the nation’s biggest companies to improve the security and delivery of networks, products, and digital services. The pilot marks the first in a series of programs designed to test and find vulnerabilities in the department’s applications, websites, and networks.
Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program. Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system. Other networks, including the department’s critical, mission-facing systems will not be part of the bug bounty pilot program. Participants in the competition could be eligible for monetary awards and other recognition.
“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter. “Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”
The “Hack the Pentagon” initiative is being led by the department’s Defense Digital Service (DDS), launched by Secretary Carter last November. The DDS, an arm of the White House’s dynamic cadre of technology experts at the U.S. Digital Service, includes a small team of engineers and data experts meant to improve the department’s technological agility.
“Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country,” said DDS Director and technology entrepreneur Chris Lynch.
This initiative is consistent with the administration’s Cyber National Action Plan announced on February 9, which prioritizes near-term actions to improve our cyber defences and codifies a long-term strategy to enhance cybersecurity across the U.S. government.
The pilot program will launch in April and the department will provide more details on requirements for participation and other ground rules in the coming weeks.