Defense Secretary Ashton Carter has approved a “Hack the Pentagon” pilot program that will offer “bug bounties” for more than a few hackers who can find holes in the military’s cyber defenses.
In a statement Wednesday, Pentagon Press Secretary Peter Cook said the “Hack the Pentagon” initiative would be “the first cyber bug bounty program in the history of the federal government.”
Cook and a senior Defense Department official, who spoke on background, said details had yet to be worked out on when exactly the pilot program would begin and how large the cash awards would be, but the program was expected to launch sometime in April.
“Companies do this all the time” to test their systems, the senior official said, and the Pentagon was following suit. “The thinking was that this was a way to bring in external experts” in the form of a “white hat hacker who could come in and help us,” the official said.
The Pentagon is the target of daily cyber attacks and “now the good guys can come in and actually help. The bad guys aren’t waiting,” the official said. Those offering to compete for the “bug bounties” will be vetted to determine whether they are white hats or black hats, the official said.
While the amount of the awards was still to be worked out, “This is a far cheaper way for us to do security and penetration testing” than actually hiring the hackers, the official said. However, “traditionally bug bounties do involve financial compensation” in some form, the official said.
“Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program,” Cook said. “Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system.”
Carter said in a statement that “I am always challenging our people to think outside the five-sided box that is the Pentagon. Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”
The hacking initiative was the brainchild of the Pentagon’s Defense Digital Service. Carter inaugurated the service last November and brought in Silicon Valley executive Chris Lynch to run it with a small team of engineers and data experts in the effort to improve the Department’s tech agility.
“Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country,” Lynch said in a statement.
In a speech to the Commonwealth Club of San Francisco on Tuesday, Carter called Lynch a “serial entrepreneur in the tech world” who once worked for Microsoft.
“He’s recruited coders from places like Google, Palantir, and Shopify for a tour of duty with DoD,” Carter said. “And he’s done such a good job cutting through red tape, he even figured out how to get away with wearing a hoodie and jeans to the Pentagon every day.”