The US Department of Defense is finally embracing vulnerability disclosure

The U.S. Department of Defense (DoD) has launched a new vulnerability disclosure program, run as a paid bug bounty, that invites ethical hackers to report security weaknesses in the department’s computer systems. The program, named “Hack the Pentagon,” aims to find vulnerabilities before malicious actors can exploit them and so make the DoD’s systems more secure.

The move comes as the Biden Administration has explicitly called for responsible, coordinated vulnerability disclosure across all technology types and sectors, as a way of surfacing flaws in IT systems nationwide before they are exploited.

The DoD has partnered with cybersecurity firm HackerOne to run the program. HackerOne will provide a platform for hackers to submit vulnerability reports and receive rewards for their efforts. The rewards will be based on the severity of the vulnerability and will range from $100 to $15,000.

The program is open to both U.S. and non-U.S. citizens, and participants must be at least 18 years old. However, only hackers who pass a background check will be eligible for rewards. Additionally, participants will be required to sign a legal agreement outlining the terms and conditions of the program, including non-disclosure of any information related to the program.

Figure: The DoD Vulnerability Report Management Network (VRMN) workflow

The DoD has emphasized that the program is not a license to hack its systems at will. Participants may only test the systems the program explicitly places in scope, and must have written authorization before attempting to find vulnerabilities. Any attempt to access out-of-scope systems or data will result in disqualification from the program and possible legal action.

For now, classified networks across the DoD, up to and including Top Secret, remain out of scope for the program.

The “Hack the Pentagon” program is part of a broader initiative by the DoD to strengthen its cybersecurity posture. The department has been the target of numerous cyberattacks in the past, including a major breach of its unclassified email system in 2015.

The DoD has also launched other vulnerability disclosure programs in the past, including “Hack the Army,” “Hack the Air Force,” and “Hack the Navy.” These programs have been successful in identifying and addressing security weaknesses in the department’s systems.

The DoD’s decision to open the program to non-U.S. citizens is notable, as the department has historically been hesitant to engage with foreign hackers. However, the department has stated that it recognizes the value of engaging with a global community of ethical hackers and hopes to leverage their expertise to improve its cybersecurity posture.

The “Hack the Pentagon” program has been praised by cybersecurity experts as a positive step towards improving the security of the U.S. government’s computer systems. By working with ethical hackers, the DoD can identify and address security weaknesses before they can be exploited by malicious actors.

