Pentagon Launches First Government Cyber Bug Bounty Program

Defense Secretary Ash Carter addresses the Commonwealth Club of California in San Francisco, March 1, 2016. DoD photo by Navy Petty Officer 1st Class Tim D. Godbee

Defense Secretary Ash Carter addresses the Commonwealth Club of California in San Francisco, March 1, 2016. DoD photo by Navy Petty Officer 1st Class Tim D. Godbee

The Defense Department today announced it is enlisting the help of a select group of “vetted” hackers to participate in the first government cyber bug bounty program.

The pilot project, known as the Hack the Pentagon initiative, will leverage commercial crowdsourcing to find trusted cybersecurity professionals to help uncover vulnerabilities in the Pentagon’s public Web pages.

“Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program,” according to a Defense Department statement. “Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system.  Other networks, including the department’s critical, mission-facing systems, will not be part of the bug bounty pilot program.  Participants in the competition could be eligible for monetary awards and other recognition.”

Word of the bounty program comes as Secretary of Defense Ash Carter continues a series of visits to Silicon Valley, where he has kick-started several defense innovation initiatives as well as a major recruitment effort designed to attract the commercial sector’s high-tech talent to tours of duty in the department’s Defense Digital Service.

The Pentagon’s DDS team—an extension of the White House’s U.S. Digital Service—includes a small team of engineers and data experts who have been tasked with improving the department’s technological agility.

“Bringing in the best talent, technology, and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country,” said DDS Director Chris Lynch, a technology entrepreneur and former Microsoft technologist recruited by Carter to lead the effort.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” Carter said. “Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”

 

Dan Verton
About Dan Verton
MeriTalk Executive Editor Dan Verton is a veteran journalist and winner of the First Place Jesse H. Neal National Business Journalism Award for Best News Reporting -- the highest award in the nation for business/trade journalism. Dan earned a Master's Degree in Journalism and Public Affairs from American University in Washington, D.C., and has spent the last 20 years in the nation's capital reporting on government, enterprise technology, policy and national cybersecurity. He’s also a former intelligence officer in the United States Marine Corps, has authored three books on cybersecurity, and has testified on critical infrastructure protection before both House and Senate committees.
One Comment
  1. Anonymous | - Reply
    Think this is a great idea (glad they are vetting the hackers first). It's helpful to have hackers on our side when possible.

Leave a Reply


Popular

Recent