Get Task & Purpose in your inbox
DoD Wants More Hackers To (Legally) Break Into Its Websites
The Department of Defense is expanding its "Hack the Pentagon" program by awarding contracts to Silicon Valley firms BugCrowd, HackerOne, and Synack to run ongoing bug bounty contests in search of vulnerabilities.
First launched as a pilot program in 2016 under Secretary Ash Carter, Hack the Pentagon allowed outside cybersecurity professionals to legally attempt to break into its public-facing systems — something that the DoD's enemies are trying to do pretty much every day. The trial run was a success, which led to thousands of security vulnerabilities being identified and remedied, according to a DoD press release.
"Finding innovative ways to identify vulnerabilities and strengthen security has never been more important," Chris Lynch, Director of the Defense Digital Service, said in a statement.
"When our adversaries carry out malicious attacks, they don't hold back and aren't afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We're excited to see the program continue to grow and deliver value across the department."
The contracts will see the companies running "continuous, year-long assessments" of DoD assets beyond the public-facing sites of the past. Bug hunters will also be targeting private Pentagon assets, as well as hardware and physical systems.
The outside help is much-needed.
The Pentagon announced a breach of its travel records system just over 10 days ago, which exposed personal information and credit card data on as many as 30,000 military and civilian personnel. And just a few days before that, a report out from the Government Accountability Office showed the scale of vulnerabilities in DoD, especially in its weapons systems, is getting out of hand.
As Task & Purpose previously reported, between 2012 and 2017, penetration testers “routinely found mission critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report said. Also noteworthy was the fact that testers weren’t taking nearly as much time or using sophisticated methods as a nation-state adversary would.
Instead, most used “relatively simple tools and techniques” to take control, and largely operated undetected as a result.
“DoD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the report said.
The contract for the crowd-sourced bug bounty program is worth a cool $34 million, NextGov reported.
WASHINGTON (Reuters) - President Donald Trump on Wednesday named U.S. hostage negotiator Robert O'Brien as his choice to replace John Bolton as his national security adviser, making him the fourth person to hold the post in the Trump administration.
QUANTICO MARINE CORPS BASE, Virginia -- Textron Systems is working with the Navy to turn a mine-sweeping unmanned surface vessel designed to work with Littoral Combat Ships into a mine-hunting craft armed with Hellfire missiles and a .50-caliber machine gun.
Textron displayed the proof-of-concept, surface-warfare mission package designed for the Common Unmanned Surface Vehicle (CUSV) at Modern Day Marine 2019.
"It's a huge capability," Wayne Prender, senior vice president for Applied Technologies and Advanced Programs at Textron Systems, told Military.com on Tuesday.
The U.S. Department of Veterans Affairs put on leave an Atlanta-based administrator and reassigned the region's chief medical officer and seven other staff members while it investigates the treatment of a veteran under its care.
Joel Marrable's daughter discovered more than 100 ant bites on her father when she visited him in early September.
The daughter, Laquna Ross, told Channel 2 Action News: "His room had ants, the ceiling, the walls, the beds. They were everywhere. The staff member says to me, 'When we walked in here, we thought Mr. Marrable was dead. We thought he wasn't even alive, because the ants were all over him.'"
SAN DIEGO, Calif. — A former U.S. Navy sailor was sentenced to 20 years in prison Monday for having sexual contact with a 14-year-old Oceanside girl in 2017, federal prosecutors in San Diego said in a statement.