Dive Brief:
- The Pentagon announced Thursday that it is now accepting registrations for “Hack the Pentagon,” a program announced in March by Secretary of Defense Ash Carter.
- The program, the first-ever of its kind offered by the federal government, invites hackers to test the cybersecurity of some public U.S. Department of Defense websites.
- The Pentagon has set aside $150,000 in funding for awards for those who can hack the system and then share details of the vulnerabilities with DoD officials.
Dive Insight:
Bug bounties have become commonplace in Silicon Valley, where companies such as Western Union, Tesla Motors and United Airlines have used them. Uber, for example, even offered a treasure map for security researchers when participating in its bug bounty program. Participants in that program can earn as much as $10,000 for finding major security flaws in the company's system.
But "Hack the Pentagon" is the first time the federal government has used this approach. The program will run from April 18 through May 12.
"The goal is not to comprise any aspect of our critical systems, but to still challenge our cybersecurity in a new and innovative way," a Pentagon official said.
Individuals who take part in the program will be invited to attack only public-facing, non-classified websites. To qualify, participants must be U.S. citizens and will have to register and submit to a background check, the Pentagon said. Participants also cannot be on a watch list for the Treasury department, which tracks people with ties to drug trafficking or terrorism.
"I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security," Defense Secretary Ash Carter said in a statement unveiling the pilot program on March 2.
