Hack the Pentagon — US Government Challenges Hackers to Break its Security


Dubbed “Hack the Pentagon,” the bug bounty program invites hackers and security researchers, only from the United States, to target its networks as well as the public-facing websites registered under the DoD.

The bug bounty program will begin in April 2016, and the participants could win money (cash rewards) as well as recognition for their work, DoD says.

While announcing the ‘Hack the Pentagon’ initiative during a conference, the DoD said only “Vetted Hackers” can participate in the bug bounty program, which means candidates need to undergo a background check after registration and before finding vulnerabilities in its systems.

Moreover, candidates would be given access to a predetermined department system (which might resemble a real system) for a specific time period of the competition.

So, don’t be confused into thinking that the DoD will serve up a critical piece of its infrastructure to hackers for disruption; rather, the hackers will be allowed to target a predetermined system that is not part of its critical operations.

However, the Department of Defense has not yet confirmed what bounty would be provided to hackers upon a successful penetration of its network or web pages.

Why is the DoD launching a Bug Bounty program?

The Department of Defense currently manages 488 websites related to everything from the 111th Attack Wing and several military units to the Yellow Ribbon Reintegration Program.

According to Chris Lynch, Director of the Defense Digital Service, which is actually behind the “Hack the Pentagon” initiative:

“Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country.”

But, Here’s the Actual Reason You Need to Know:

Hackers, foreign and internal criminals, are actively targeting government departments and critical infrastructure in ways that could reveal national secrets.

Last year’s massive security breach in the United States Office of Personnel Management (OPM) revealed the private information of over 21.5 Million US government employees.

Just last month, an unknown hacker released personal details of at least 20,000 Federal Bureau of Investigation (FBI) agents and 9,000 Department of Homeland Security (DHS) officers.

Almost three years ago, the Pentagon said the Chinese government had conducted cyber attacks on several United States diplomatic, economic and defense industry networks.

Therefore, the real purpose of launching a dedicated bug bounty program for hackers could be a government initiative to identify vulnerabilities in its infrastructure that may endanger state secrets.

Just like the bug bounty programs offered by several front-runners in the technology industry, Hack the Pentagon would also be an exercise for the federal authorities to boost security measures and counter cyber attacks.

Instead of the usual security audit conducted internally by the DoD itself, the new initiative would provide an opportunity for fresh minds outside the Pentagon to challenge DoD infrastructure and enhance its security measures.

Source:

Pentagon Launches the Feds’ First ‘Bug Bounty’ for Hackers

Wired.com | Andy Greenberg | 03.02.16. | 1:43 pm

Companies like Google and Facebook have long run “bug bounty” programs that pay cash rewards to independent hackers who dig up and disclose vulnerabilities in their code. Now, for the first time, those bounty-hunting hackers can finally get paid for hacking the feds, too.

On Wednesday the Department of Defense announced that it’s launching a “Hack the Pentagon” pilot program to pay independent security researchers who disclose bugs in the Pentagon’s public-facing websites, and to eventually roll out the initiative to the DoD’s less public targets including its applications and even its networks. The DoD hasn’t yet named which of its websites are part of the program or how much it plans to pay for bug reports. But the announcement nonetheless represents the first time the U.S. federal government has launched a bug bounty program. This is an acknowledgement that even an agency with the Pentagon’s significant cybersecurity resources and expensive contractors doesn’t have enough eyes to find all its hackable vulnerabilities.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” Secretary of Defense Ashton Carter wrote in a statement. “Inviting responsible hackers to test our cybersecurity certainly meets that test.”

Slicing off a few thousand dollars of its $600 billion budget to pay friendly hackers for their work may seem like a no-brainer for the world’s largest spender on IT. But it represents a significant milestone, says Katie Moussouris, the chief policy officer for HackerOne, a security firm that organizes bug bounty programs on behalf of its clients. She argues that it shows the growing awareness that “you can’t find all the bugs yourself,” no matter the size of your budget. “Whether you’re a well-funded government like the U.S. or anyone else, you have to work with the hacker community,” Moussouris says.

The federal government, despite its massive IT spending, has seen repeated breaches over the last several years, including the unprecedented, disastrous breach of the Office of Personnel Management and a hack of the Pentagon itself last year—possibly by Russian hackers—that resulted in the shutdown of the Pentagon’s unclassified email system for weeks. The bug bounty program represents a new approach to shoring up the Pentagon’s defenses, and reflects Defense Secretary Carter’s focus on Silicon Valley as a source of innovation that can be adapted to the military.

The Pentagon’s move could also presage bug bounty programs for other government agencies, Moussouris says, and even parts of the private sector that have been resistant to the idea. Bug bounties are already a norm for Silicon Valley tech firms, and have begun to roll out for unexpected companies like Tesla and United Airlines. But industries like healthcare and automakers have only begun to consider the counterintuitive idea of paying hackers for targeting their products; General Motors, for instance, launched a “vulnerability disclosure” program in January, but with no reward for participating researchers. That actually puts the Pentagon a step ahead of parts of the private sector.

“The significance of the government coming forward and saying this is an important initiative is going to send a ripple through not just other government agencies, but other industries,” says Moussouris. “We’ve begun to see movement. But this is an accelerator.”
