In what may appear to be a shocking twist, the Defense Department plans to invite hackers to break into its computer systems and test its defenses. The reason? To find and fix any weaknesses before they are subjected to real attacks. The Pentagon joins a growing number of organizations that are turning to the public for help with their security.
The lack of professionals in this field has forced many organizations to look for outside help. Cyber threats are ever-growing, and the serious lack of talent has left data security exposed.
The Pentagon’s unique program to bring in hackers will be called “Hack the Pentagon,” according to news released by the department.
According to the Baltimore Sun:
“[Defense Secretary Ashton B. Carter said in a statement,] I am always challenging our people to think outside the five-sided box that is the Pentagon. Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”
Such invitations are known as “bug bounty” programs. An organization that needs help offers a cash reward or a promise of public recognition to encourage hackers to report problems directly to it, instead of selling security flaws on black markets. Companies such as United Airlines, Facebook, and Microsoft all run such programs. Other major tech giants are also inviting hackers to break into their systems and inform them of any weaknesses. However, this is the first time a federal entity has joined the list of organizations seeking the help of hackers.
Not everything will be offered up, though. The Defense Department has stated that only certain systems will be offered for testing. Computer networks that are critical to ongoing missions will be off-limits. The Pentagon has been on high alert since last year. The Defense Department has been the victim of high-profile attacks in the past.
The Baltimore Sun says:
“Last year, hackers believed to be based in Russia broke into the unclassified email systems of the Joint Chiefs of Staff.”
“The department currently relies on dedicated groups of hackers known as red teams at the National Security Agency and elsewhere to probe its defenses and try to think like the enemy. But opening up the process to outside researchers and experts should bring a broader set of perspectives to bear.”
In another twist to the story, Rock Stevens, an Army captain, said that most users of Defense computers were afraid to report security problems for fear of being incriminated for trying to gain access to information. A journal article written by Stevens and Capt. Michael Weigand about the fears of Defense personnel resulted in the creation of a bounty program. According to Stevens, the paper caught the attention of top Pentagon officials, which opened up doors to this new initiative.