Here’s Your Chance to Hack the Pentagon

Are you involved in cyber-security? Ever wanted to test the Pentagon’s digital defenses, without the risk of spending the rest of your life in a dim concrete box?

Now’s your chance: the Department of Defense has launched (so to speak) a “Hack the Pentagon” initiative, featuring a bounty for anyone who finds flaws in the department’s public Webpages.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” Ash Carter, U.S. Secretary of Defense, wrote in a statement accompanying the initiative’s announcement. “Inviting responsible hackers to test our cyber-security certainly meets that test.”

What defines a ‘responsible’ hacker? According to the Department of Defense, it means candidates will need to pass a background check. If they make it through, hackers will participate in a “controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system.” So no, you won’t get a chance to participate in your very own version of WarGames.

While the Pentagon wants its public-facing Webpages picked through for flaws, it will not allow hackers in the program to touch critical, mission-facing systems. Nor has it revealed the actual bounties for discovering bugs.

Bug bounties are all the rage these days among private companies, and with good reason: at least on paper, crowd-sourcing a bug-hunt will save time and money. Why rely on a couple dozen in-house security pros to cover every possible attack vector when thousands of outsiders will cheerfully do it instead?

But not every executive thinks that throwing thousands of tech pros at a Website is an acceptable way of uncovering vulnerabilities. “Why would I throw a lot of money at 3% of the problem (and without learning lessons from what you find it really is ‘whack a code mole’) when I could spend that money on better prevention,” Mary Ann Davidson, chief security officer at Oracle, wrote in a deleted blog posting last year, “like, oh, hiring another employee to do ethical hacking, who could develop a really good tool we use to automate finding certain types of issues.”

Either way, the Pentagon’s bug-bounty program will debut in April; expect more details in coming weeks.

Image Credit: Markus Mainka/Shutterstock.com

Comments

One Response to “Here’s Your Chance to Hack the Pentagon”

March 05, 2016 at 2:23 pm, Violet Weed said:

Americans do not need to hack the Pentagon. Leave that up to Chinese hacker students from the myriad colleges around Beijing.

AMERICANS ARE TOO BUSY TRYING TO GET RID OF BILL GATES’ H1B AGENDA, TO REPLACE AMERICANS WITH MEDIOCRE THIRD-WORLD SUBCONTINENTALS AND OTHERS.

STAND WITH TRUMP! President TRUMP will MAKE AMERICA GREAT AGAIN!!!
