Statement by Pentagon Press Secretary Peter Cook on DoD’s “Hack the Pentagon” Cybersecurity Initiative
The Department of Defense announced today that it will invite vetted hackers to test the department’s cybersecurity under a unique pilot program. The “Hack the Pentagon” initiative is the first cyber bug bounty program in the history of the federal government.
Under the pilot program, the department will use commercial sector crowdsourcing to allow qualified participants to conduct vulnerability identification and analysis on the department’s public webpages. The bug bounty program is modeled after similar competitions conducted by some of the nation’s biggest companies to improve the security and delivery of networks, products, and digital services. The pilot marks the first in a series of programs designed to test and find vulnerabilities in the department’s applications, websites, and networks.
Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program. Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system. Other networks, including the department’s critical, mission-facing systems will not be part of the bug bounty pilot program. Participants in the competition could be eligible for monetary awards and other recognition.
This innovative project is a demonstration of Secretary Carter’s continued commitment to drive the Pentagon to identify new ways to improve the department’s security measures as our interests in cyberspace evolve.
“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter. “Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”
Read the full statement == Here ==