DoD Invites Vetted Specialists to ‘Hack’ the Pentagon
By Cheryl Pellerin, DoD News,
Defense Media Activity.
Washington D.C. — (DoD
News) — March 2, 2016 — The Defense Department is launching a pilot program
in April to allow vetted computer security specialists to do their best to hack
DoD public web pages, Pentagon Press Secretary Peter Cook said today. “Hack the
Pentagon” is the first cyber bug bounty program in the history of the federal
government, Cook said in a statement issued today. Bug bounty programs are
offers by software developers and company websites to reward people who report
bugs related to vulnerabilities or hacking exploits.
Jarrett Ridlinghafer, at the time a technical support engineer for Netscape,
created the first “bugs bounty” program in 1995, according to the entrepreneur’s
website. Today bugsheet.com has a directory of 369 such programs offered by
everyone from Adobe and Amazon to Twitter and Sony.
“We can't hire every great ‘white hat’ hacker to come in and help us,” a senior
defense official said today on a media call, “but [Hack the Pentagon] allows us
to use their skill sets, their expertise, to help us build better more secure
products and make the country more secure.”
Cook said the department will use commercial-sector crowdsourcing to allow
qualified participants to conduct vulnerability identification and analysis on
the department's public webpages.
“The bug bounty program is modeled after similar competitions conducted by some
of the nation's biggest companies to improve the security and delivery of
networks, products and digital services,” Cook said.
The pilot is the first in a series of programs designed to test and find
vulnerabilities in the department's applications, websites and networks, he
The Pentagon’s bug bounty participants will have to register and submit to a
background check before being involved in the program.
Once vetted, Cook said, the hackers will participate in a controlled,
limited-duration program during which they’ll be able to identify
vulnerabilities on a predetermined department system.
“Other networks, including the department's critical, mission-facing systems,
will not be part of the bug bounty pilot,” he added, noting that bug bounty
hunters could receive monetary awards and other recognition.
The program, Cook said, shows Defense Secretary Ash Carter’s commitment to
driving the Pentagon to identify new ways to improve the department's
Enhancing National Security
Carter said he’s confident the initiative will strengthen DoD’s digital defenses
and ultimately enhance national security. The department’s Defense Digital
Service, launched by Carter last November, is leading Hack the Pentagon.
Cook said the DDS is an arm of the White House's cadre of technology experts at
the U.S. Digital Service and includes a small team of engineers and data experts
meant to improve DoD’s technological agility.
“Bringing in the best talent, technology and processes from the private sector
not only helps us deliver comprehensive, more secure solutions to the DoD, but
it also helps us better protect our country,” DDS director and technology
entrepreneur Chris Lynch said.
Hack the Pentagon, Cook said, “is consistent with the administration's Cyber
National Action Plan announced on Feb. 9 that prioritizes near-term actions to
improve our cyber defenses and codifies a long-term strategy to enhance
cybersecurity across the U.S. government.”
The pilot program will launch in April and the department will provide more
details on requirements for participation and other ground rules in the coming
weeks, he said.
A live asset will be chosen as the target for the hackers, the senior defense
official said, but one that is under constant attack and has no personally
identifiable or mission-critical information.
“We are going to be bringing in a very broad program where over time we can look
at multiple assets that we would like to have the bounty run against, but for
now … we're going to introduce a program where people have to register, they're
going to be vetted and there will be obvious things like they're not going to be
on terrorist watch lists,” he said.
The official added, “We see this growing into something that we can use as a
broader tool to help make our systems and our services more secure, not only for
the Department of Defense but across the federal government.”