DoD Wants More Hackers To (Legally) Break Into Its Websites


The Department of Defense is expanding its "Hack the Pentagon" program by awarding contracts to Silicon Valley firms Bugcrowd, HackerOne, and Synack to run ongoing bug bounty contests in search of vulnerabilities.


First launched as a pilot program in 2016 under Secretary Ash Carter, Hack the Pentagon allowed outside cybersecurity professionals to legally attempt to break into the DoD's public-facing systems, something that the DoD's enemies are trying to do pretty much every day. The trial run was a success, leading to thousands of security vulnerabilities being identified and remedied, according to a DoD press release.

"Finding innovative ways to identify vulnerabilities and strengthen security has never been more important," Chris Lynch, Director of the Defense Digital Service, said in a statement.

"When our adversaries carry out malicious attacks, they don't hold back and aren't afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We're excited to see the program continue to grow and deliver value across the department."

The contracts will see the companies running "continuous, year-long assessments" of DoD assets beyond the public-facing sites of the past. Bug hunters will also be targeting private Pentagon assets, as well as hardware and physical systems.

The outside help is much needed.

The Pentagon announced a breach of its travel records system just over 10 days ago, which exposed personal information and credit card data on as many as 30,000 military and civilian personnel. And just a few days before that, a report from the Government Accountability Office showed that the scale of vulnerabilities in DoD, especially in its weapons systems, is getting out of hand.

As Task & Purpose previously reported, between 2012 and 2017, penetration testers “routinely found mission critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report said. Also noteworthy was the fact that testers weren’t taking nearly as much time, or using methods as sophisticated, as a nation-state adversary would.

Instead, most used “relatively simple tools and techniques” to take control, and largely operated undetected as a result.

“DoD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the report said.

The contract for the crowd-sourced bug bounty program is worth a cool $34 million, NextGov reported.


Editor's Note: This article originally appeared on Business Insider
