The initial program is just a test and covers bugs only on public military websites, but the goal is eventually to expand coverage to identify vulnerabilities in apps and networks, the Pentagon said.
Modelled on the Defense Business Board, which provides advice on best business practices from the private sector, the new panel is meant to help the Pentagon become more innovative and adaptive in developing technology and doing business. Nor will the program turn the hackers loose on any mission-critical systems, the Pentagon said.
About the same time, Pentagon press secretary Peter Cook announced on Wednesday in Washington, DC, that Defense Secretary Ash Carter met Schmidt during the annual RSA Security Conference in San Francisco.
The US Department of Defense (DoD) is encouraging security researchers from the general public to hack its IT systems and will pay them for reporting issues. Participants could win money and recognition for their work, the agency says. In tech, Google’s bug bounty is probably the most widely known. “33% of Bugcrowd’s researcher base is here in the USA, and less than 10% of those submit to background checks”.
The initiative is led by the DoD’s Defense Digital Service (DDS), and is the first in a series of programs that will be used to test and uncover vulnerabilities in the DoD’s applications, websites and networks. “I am always challenging our people to think outside the five-sided box that is the Pentagon”, said Secretary Carter.
“Inviting responsible hackers to test our cybersecurity certainly meets the test. I am confident this initiative will strengthen our digital defenses and ultimately enhance our national security”. “You’d much rather find the vulnerabilities in your network in that way than by the other way”, which includes theft of sensitive data and network breaches, said Carter.
“Bringing in the best talent, technology and processes from the private sector…helps us deliver comprehensive, more secure solutions to the DOD”, said Chris Lynch, a former Microsoft executive and technology entrepreneur who heads DDS.
Overall, it’s a step in the right direction, Cran said. He clarified that the board will not engage in discussion of military operations or strategy. More details will be revealed in the coming weeks.