DoD Wants More Hackers To (Legally) Break Into Its Websites


The Department of Defense is expanding its "Hack the Pentagon" program by awarding contracts to Silicon Valley firms Bugcrowd, HackerOne, and Synack to run ongoing bug bounty contests in search of vulnerabilities.


First launched as a pilot program in 2016 under Secretary Ash Carter, Hack the Pentagon allowed outside cybersecurity professionals to legally attempt to break into the DoD's public-facing systems — something that the DoD's enemies are trying to do pretty much every day. The trial run was a success, leading to thousands of security vulnerabilities being identified and remedied, according to a DoD press release.

"Finding innovative ways to identify vulnerabilities and strengthen security has never been more important," Chris Lynch, Director of the Defense Digital Service, said in a statement.

"When our adversaries carry out malicious attacks, they don't hold back and aren't afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We're excited to see the program continue to grow and deliver value across the department."

The contracts will see the companies running "continuous, year-long assessments" of DoD assets beyond the public-facing sites of the past. Bug hunters will also be targeting private Pentagon assets, as well as hardware and physical systems.

The outside help is much needed.

The Pentagon announced a breach of its travel records system just over 10 days ago, which exposed personal information and credit card data on as many as 30,000 military and civilian personnel. And just a few days before that, a report from the Government Accountability Office showed that the scale of vulnerabilities in the DoD, especially in its weapons systems, is getting out of hand.

As Task & Purpose previously reported, between 2012 and 2017, penetration testers “routinely found mission critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report said. Also noteworthy was the fact that testers weren’t taking nearly as much time, or using methods as sophisticated, as a nation-state adversary would.

Instead, most used “relatively simple tools and techniques” to take control, and largely operated undetected as a result.

“DoD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the report said.

The contract for the crowd-sourced bug bounty program is worth a cool $34 million, NextGov reported.
