DoD Wants More Hackers To (Legally) Break Into Its Websites
The Department of Defense is expanding its "Hack the Pentagon" program by awarding contracts to Silicon Valley firms BugCrowd, HackerOne, and Synack to run ongoing bug bounty contests in search of vulnerabilities.
First launched as a pilot program in 2016 under Secretary Ash Carter, Hack the Pentagon allowed outside cybersecurity professionals to legally attempt to break into its public-facing systems — something that the DoD's enemies are trying to do pretty much every day. The trial run was a success, which led to thousands of security vulnerabilities being identified and remedied, according to a DoD press release.
"Finding innovative ways to identify vulnerabilities and strengthen security has never been more important," Chris Lynch, Director of the Defense Digital Service, said in a statement.
"When our adversaries carry out malicious attacks, they don't hold back and aren't afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We're excited to see the program continue to grow and deliver value across the department."
The contracts will see the companies running "continuous, year-long assessments" of DoD assets beyond the public-facing sites of the past. Bug hunters will also be targeting private Pentagon assets, as well as hardware and physical systems.
The outside help is much-needed.
The Pentagon announced a breach of its travel records system just over 10 days ago, which exposed personal information and credit card data on as many as 30,000 military and civilian personnel. And just a few days before that, a report from the Government Accountability Office showed that the scale of vulnerabilities in the DoD, especially in its weapons systems, is getting out of hand.
As Task & Purpose previously reported, between 2012 and 2017, penetration testers “routinely found mission critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report said. Also noteworthy was the fact that testers weren’t taking nearly as much time, or using methods as sophisticated, as a nation-state adversary would.
Instead, most used “relatively simple tools and techniques” to take control, and largely operated undetected as a result.
“DoD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the report said.
The contract for the crowd-sourced bug bounty program is worth a cool $34 million, NextGov reported.