Defense Secretary Ashton Carter has approved a “Hack the Pentagon” pilot program that will offer “bug bounties” for more than a few hackers who can find holes in the military’s cyber defenses.
In a statement Wednesday, Pentagon Press Secretary Peter Cook said the “Hack the Pentagon” initiative would be “the first cyber bug bounty program in the history of the federal government.”
Cook and a senior Defense Department official, who spoke on background, said details had yet to be worked out on when exactly the pilot program would begin and how large the cash awards would be, but the program was expected to launch sometime in April.
“Companies do this all the time” to test their systems, the senior official said, and the Pentagon was following suit. “The thinking was that this was a way to bring in external experts” in the form of a “white hat hacker who could come in and help us,” the official said.
The Pentagon is the target of daily cyber attacks and “now the good guys can come in and actually help. The bad guys aren’t waiting,” the official said. Those offering to compete for the “bug bounties” will be vetted to determine whether they are white hats or black hats, the official said.
While the amount of the awards was still to be worked out, “This is a far cheaper way for us to do security and penetration testing” than actually hiring the hackers, the official said. However, “traditionally bug bounties do involve financial compensation” in some form, the official said.
“Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program,” Cook said. “Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system.”