Hackers Will Try to Legally Infiltrate Pentagon in DOD Competition
Hackers Will Help Pentagon Find Computer Vulnerabilities
— -- Specially vetted hackers will be able to legally test one of the Pentagon's secure computer networks next month as part of the "Hack the Pentagon" initiative designed to test the security of Defense Department computers. Qualified participants will compete for a portion of $150,000 in the first "bug bounty" ever sanctioned by the federal government.
The program, beginning April 18, is modeled on those used by major tech corporations who use a "bug bounty," where hackers look for security vulnerabilities in their computer networks or software in return for monetary rewards.
Defense Secretary Ash Carter announced the test program in early March during a visit to Silicon Valley, highlighting what the Pentagon can learn from the private sector. He called the program an “unprecedented effort to test our digital security.”
Interested participants can now register for the program, which will begin on April 18 and last through May 12. The Pentagon will partner with HackerOne, a firm from Silicon Valley that specializes in bug bounty services.
"The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches. Critical, mission-facing computer systems will not be involved in the program," said Peter Cook, the Pentagon Press Secretary, in a statement released Thursday.
Eligible participants will be vetted in order to participate in the program -- they must be a U.S. citizen or permanent resident and not be on the U.S. Department of Treasury's Specially Designated Nationals list, a list of people and organizations engaged in terrorism, drug trafficking and other crimes.
Cook also said that participants who submit qualifying vulnerability reports will also undergo a basic criminal background screening "to ensure taxpayer dollars are spent wisely." Those screening details will be communicated in advance to participants, who will have the ability to opt-out of any screening, but will forgo bounty compensation.
Those interested will be able to register through a website run by HackerOne.
"This initiative will put the department's cybersecurity to the test in an innovative but responsible way," said Carter. "I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot."