Éditoriaux Défense Sécurité Terrorisme Zones de conflits Logistique Livres de référence Liens
Terre Air Mer Gendarmerie Renseignement Infoguerre Cyber Recherche

DoD Invites Vetted Specialists to

DoD Invites Vetted Specialists to ‘Hack’ the Pentagon

By Cheryl Pellerin, DoD News, Defense Media Activity.
Washington D.C. — (DoD News) — March 2, 2016 — The Defense Department is launching a pilot program in April to allow vetted computer security specialists to do their best to hack DoD public web pages, Pentagon Press Secretary Peter Cook said today. “Hack the Pentagon” is the first cyber bug bounty program in the history of the federal government, Cook said in a statement issued today. Bug bounty programs are offers by software developers and company websites to reward people who report bugs related to vulnerabilities or hacking exploits.

1st CMXS special communications maintenance technicians at work

Jarrett Ridlinghafer, at the time a technical support engineer for Netscape, created the first “bugs bounty” program in 1995, according to the entrepreneur’s website. Today bugsheet.com has a directory of 369 such programs offered by everyone from Adobe and Amazon to Twitter and Sony.

Commercial-Sector Crowdsourcing

“We can't hire every great ‘white hat’ hacker to come in and help us,” a senior defense official said today on a media call, “but [Hack the Pentagon] allows us to use their skill sets, their expertise, to help us build better more secure products and make the country more secure.”

Cook said the department will use commercial-sector crowdsourcing to allow qualified participants to conduct vulnerability identification and analysis on the department's public webpages.

“The bug bounty program is modeled after similar competitions conducted by some of the nation's biggest companies to improve the security and delivery of networks, products and digital services,” Cook said.

The pilot is the first in a series of programs designed to test and find vulnerabilities in the department's applications, websites and networks, he added.

Bug Bounty

The Pentagon’s bug bounty participants will have to register and submit to a background check before being involved in the program.

Once vetted, Cook said, the hackers will participate in a controlled, limited-duration program during which they’ll be able to identify vulnerabilities on a predetermined department system.

“Other networks, including the department's critical, mission-facing systems, will not be part of the bug bounty pilot,” he added, noting that bug bounty hunters could receive monetary awards and other recognition.

The program, Cook said, shows Defense Secretary Ash Carter’s commitment to driving the Pentagon to identify new ways to improve the department's cybersecurity.

Enhancing National Security

Carter said he’s confident the initiative will strengthen DoD’s digital defenses and ultimately enhance national security. The department’s Defense Digital Service, launched by Carter last November, is leading Hack the Pentagon.

Cook said the DDS is an arm of the White House's cadre of technology experts at the U.S. Digital Service and includes a small team of engineers and data experts meant to improve DoD’s technological agility.

“Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country," DDS director and technology entrepreneur Chris Lynch said.

Hack the Pentagon, Cook said, “is consistent with the administration's Cyber National Action Plan announced on Feb. 9 that prioritizes near-term actions to improve our cyber defenses and codifies a long-term strategy to enhance cybersecurity across the U.S. government.”

The pilot program will launch in April and the department will provide more details on requirements for participation and other ground rules in the coming weeks, he said.

A live asset will be chosen as the target for the hackers, the senior defense official said, but one that is under constant attack and has no personally identifiable or mission-critical information.

“We are going to be bringing in a very broad program where over time we can look at multiple assets that we would like to have the bounty run against, but for now … we're going to introduce a program where people have to register, they're going to be vetted and there will be obvious things like they're not going to be on terrorist watch lists,” he said.

The official added, “We see this growing into something that we can use as a broader tool to help make our systems and our services more secure, not only for the Department of Defense but across the federal government.”
(Follow Cheryl Pellerin on Twitter: @PellerinDoDNews)

Related Biographies
Peter Cook : Peter Cook serves as the Assistant to the Secretary of Defense for Public Affairs, the principal

Related Links
Statement by Pentagon Press Secretary Peter Cook on DoD’s ‘Hack the Pentagon’ Cybersecurity Initiative
Special Report: The DoD Cyber Strategy
’Hack the Pentagon’ Pilot Program Opens for Registration
Hack the Pentagon Registration
 

 


 


Derniers articles

Verdun 2016 : La légende de la « tranchée des baïonnettes »
Eyes in the Dark: Navy Dive Helmet Display Emerges as Game-Changer
OIR Official: Captured Info Describes ISIL Operations in Manbij
Cyber, Space, Middle East Join Nuclear Triad Topics at Deterrence Meeting
Carter Opens Second DoD Innovation Hub in Boston
Triomphe de St-Cyr : le Vietnam sur les rangs
Dwight D. Eisenhower Conducts First OIR Missions from Arabian Gulf
L’amiral Prazuck prend la manœuvre de la Marine
Airmen Practice Rescuing Downed Pilots in Pacific Thunder 16-2
On ne lutte pas contre les moustiques avec une Kalachnikov...
Enemy Mine: Underwater Drones Hunt Buried Targets, Save Lives
Daesh Publications Are Translated Into Eleven Languages
Opération Chammal : 10 000 heures de vol en opération pour les Mirage 2000 basés en Jordanie
Le Drian : Daech : une réponse à plusieurs niveaux
Carter: Defense Ministers Agree on Next Steps in Counter-ISIL Fight
Carter Convenes Counter-ISIL Coalition Meeting at Andrews
Carter Welcomes France’s Increased Counter-ISIL Support
100-Plus Aircraft Fly in for Exercise Red Flag 16-3
Growlers Soar With B-1s Around Ellsworth AFB
A-10s Deploy to Slovakia for Cross-Border Training
We Don’t Fight Against Mosquitoes With a Kalashnikov
Bug-Hunting Computers to Compete in DARPA Cyber Grand Challenge
Chiefs of US and Chinese Navies Agree on Need for Cooperation
DoD Cyber Strategy Defines How Officials Discern Cyber Incidents from Armed Attacks
Vice Adm. Tighe Takes Charge of Information Warfare, Naval Intelligence
Truman Strike Group Completes Eight-Month Deployment
KC-46 Completes Milestone by Refueling Fighter Jet, Cargo Plane
Air Dominance and the Critical Role of Fifth Generation Fighters
Une nation est une âme
The Challenges of Ungoverned Spaces
Carter Salutes Iraqi Forces, Announces 560 U.S. Troops to Deploy to Iraq
Obama: U.S. Commitment to European Security is Unwavering in Pivotal Time for NATO
International Court to Decide Sovereignty Issue in South China Sea
La SPA 75 est centenaire !
U.S. to Deploy THAAD Missile Battery to South Korea
Maintien en condition des matériels : reprendre l’initiative
La veste « léopard », premier uniforme militaire de camouflage
Océan Indien 2016 : Opérations & Coopération
Truman Transits Strait of Gibraltar
Navy Unveils National Museum of the American Sailor
New Navy, Old Tar
Marcel Dassault parrain de la nouvelle promotion d’officiers de l’École de l’Air
RIMPAC 2016 : Ravitaillement à la mer pour le Prairial avant l’arrivée à Hawaii
Bataille de la Somme, l’oubliée
U.S., Iceland Sign Security Cooperation Agreement
Cléopatra : la frégate Jean Bart entre dans l’histoire du BPC Gamal Abdel Nasser
Surveiller l’espace maritime français aussi par satellite
America's Navy-Marine Corps Team Fuse for RIMPAC 2016
Stratégie France : Plaidoyer pour une véritable coopération franco-allemande
La lumière du Droit rayonne au bout du chemin





Directeur de la publication : Joël-François Dumont
Comité de rédaction : Jacques de Lestapis, Hugues Dumont, François de Vries (Bruxelles), Hans-Ulrich Helfer (Suisse), Michael Hellerforth (Allemagne).
Comité militaire : VAE Guy Labouérie (†), GAA François Mermet (2S), CF Patrice Théry (Asie).

Contact