US Department of Defense introduces its first cyber bug bounty programme

The Department of Defense has announced that it will invite vetted hackers to test the department’s cybersecurity under a unique pilot programme.

The ‘Hack the Pentagon’ initiative is the first cyber bug bounty programme in the history of the US federal government.

Pilot cybersecurity project

Under the pilot programme, the department will use commercial sector crowdsourcing to allow qualified participants to conduct vulnerability identification and analysis on the department’s public webpages.

The bug bounty programme is modelled after similar competitions conducted by some of the nation’s biggest companies to improve the security and delivery of networks, products, and digital services.

Background checks of hackers

Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot programme. Once vetted, these hackers will participate in a controlled, limited-duration programme that will allow them to identify vulnerabilities on a predetermined department system.

Other networks, including the department’s critical, mission-facing systems, will not be part of the bug bounty pilot programme. Participants in the competition could be eligible for monetary awards and other recognition.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter. “Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defences and ultimately enhance our national security.”

Bringing in talent from private sector to benefit the public

“Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country,” said DDS Director and technology entrepreneur Chris Lynch.

Recently, a cybersecurity strategist at the Department of Homeland Security advocated for a bug bounty programme in order to take advantage of white hat hackers who currently serve tech firms such as Google and Amazon, but might struggle to be employed by DHS.

The ‘Hack the Pentagon’ initiative will launch in April and the DoD will provide more details on requirements for participation and other ground rules in the coming weeks.


Edited from sources by Cecilia Rehn.