U.S. military invites vetted experts to "Hack the Pentagon"
By Andrea Shalal
SAN FRANCISCO, March 2 (Reuters) - The Pentagon said on Wednesday it would invite vetted outside hackers to test the cybersecurity of some public U.S. Defense Department websites as part of a pilot project next month, in the first-ever such program offered by the federal government.
"Hack the Pentagon" is modeled after similar competitions known as "bug bounties" that are conducted by big U.S. companies, including United Continental Holdings Inc to discover gaps in the security of their networks.
Such programs allow cyber experts to find and identify problems before malicious hackers can exploit them, saving money and time in the event of damaging network breaches.
"I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security," Defense Secretary Ash Carter said in a statement unveiling the pilot program.
One senior defense official said thousands of qualified participants were expected to join the initiative. Details and rules were still being worked out but the competition could involve monetary awards, the Pentagon said.
The Pentagon has long tested its own networks using internal so-called "red teams," but this initiative would open at least some of the department's vast network of computer systems to cyber challenges from across industry and academia.
Participants must be U.S. citizens and will have to register and submit to a background check before being turned loose on a predetermined public-facing computer system, the Pentagon said. It said other more sensitive networks or key weapons programs would not be included, at least initially.
"The goal is not to comprise any aspect of our critical systems, but to still challenge our cybersecurity in a new and innovative way," said the official. Continued...