U.S. Army National Guard Photo by Spc. Garrett L. Dipuma
Editor’s Note: This article by Richard Sisk originally appeared on Military.com, the premier source of information for the military and veteran community.
Hackers screened for their good intentions found 138 “vulnerabilities” in the Defense Department’s cyber defenses in a “bug bounty” awards program that will end up saving the Pentagon money, Defense Secretary Ashton Carter said Friday.
Under the “Hack The Pentagon” program, the first ever conducted by the federal government, more than 1,400 “white hat” hackers were vetted and invited to challenge Pentagon’s defenses to compete for cash awards.
Of the 1,400 who entered, about 250 submitted reports on vulnerability and 138 of those “were determined to be legitimate, unique and eligible for bounty,” Carter said at a Pentagon news conference.
The lessons learned from the “Hack The Pentagon” challenge, an initiative of the Defense Digital Services started by Carter, came at a fraction of the cost of bringing in an outside firm to conduct an audit of the Pentagon’s cyber security, he said.
The awards going out total $150,000 while a full-blown cyber audit would have cost at least $1 million, he said. In addition, “we’ve fixed all those vulnerabilities,” Carter said.
No federal agency had ever offered a bug bounty, he noted.
“Through this pilot we found a cost effective way to supplement and support what our dedicated people do every day,” Carter said.
“It’s lot better than either hiring somebody to do that for you or finding out the hard way,” he said. “What we didn’t fully appreciate before this pilot was how many white-hat hackers there are.”
Carter said the Pentagon had plans to encourage defense contractors to submit their programs and products for independent security reviews and bug bounty programs before they deliver them to the government.
In a scathing letter, a top Navy legal official on Sunday expressed "grave ethical concerns" over revelations that government prosecutors used tracking software in emails to defense lawyers in ongoing cases involving two Navy SEALs in San Diego.
The letter, written by David G. Wilson, Chief of Staff of the Navy's Defense Service Offices, requested a response by Tuesday from the Chief of the Navy's regional law offices detailing exactly what type of software was used and what it could do, who authorized it, and what controls were put in place to limit its spread on government networks.
"As our clients learn about these extraordinary events in the media, we are left unarmed with any facts to answer their understandable concerns about our ability to secure the information they must trust us to maintain. This situation has become untenable," Wilson wrote in the letter, which was obtained by Task & Purpose on Monday.
Rebekah "Moani" Daniel and her husband Walter Daniel. (Walter Daniel/Luvera Law Firm)
The Supreme Court on Monday denied a petition to hear a wrongful death case involving the controversial Feres Doctrine — a major blow to advocates seeking to undo the 69-year-old legal rule that bars U.S. service members and their families from suing the government for injury or death deemed to have been brought on by military service.
FORT IRWIN, California -- Anyone who's been here has seen it: the field of brightly painted boulders surrounding a small mountain of rocks that symbolizes unit pride at the Army's National Training Center.
For nearly four decades, combat units have painted their insignias on boulders near the road into this post. It's known as Painted Rocks.