Pentagon invites hackers to dig for security breaches in federal pilot project
The Pentagon said on Wednesday it would invite outside hackers who have been vetted to test the cyber security of some public U.S. Defense Department websites as part of a pilot project next month, the first such program ever by the federal government.
“Hack the Pentagon” is modeled after similar competitions known as “bug bounties” conducted by many large U.S. companies, including United Continental Holdings Inc, to discover security gaps in their networks.
Such programs allow cyber experts to find and identify problems before malicious hackers can exploit them, saving money and time in the event of damaging network breaches.
“I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security,” Defense Secretary Ash Carter said in a statement unveiling the pilot program.
He told reporters it was time for the Pentagon to learn from best practices used widely across industry, especially since the military was “not getting good grades across the enterprise” for its current level of cyber security.
“We can’t just keep doing what we’re doing. The world changes too fast; our competitors change too fast,” he said during a public discussion at the RSA conference.
The Pentagon has long tested its own networks using internal so-called “red teams,” but this initiative would open at least some of the department’s vast network of computer systems to cyber challenges from across industry and academia.
Participants must be U.S. citizens and will have to register and submit to a background check before being turned loose on a predetermined public-facing computer system, the Pentagon said. It said other more sensitive networks or key weapons programs would not be included, at least initially.
“The goal is not to compromise any aspect of our critical systems, but to still challenge our cyber security in a new and innovative way,” said the official.
The initiative is being led by the Pentagon’s Defense Digital Service (DDS), which was set up last November to bring experts from the U.S. technology industry into the military for short stints.
“Bringing in the best talent, technology and processes from the private sector … helps us deliver comprehensive, more secure solutions to the DOD,” said Chris Lynch, a former Microsoft executive and technology entrepreneur who heads DDS.
(Reporting by Andrea Shalal; Editing by Paul Tait and David Gregorio)