Hackers contracted by the DoD under the Hack the Pentagon initiative have found more than 100 vulnerabilities exceeding Government’s expectations.
Do you remember the ‘Hack the Pentagon‘ initiative? ‘Hack the Pentagon’ is the initiative launched by the US Government this year to test the resilience to cyber attacks of the US defenses.
The Pentagon has launched the first government-funded bug bounty initiative in the world and 1,400 white accepted the challenge.
“I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security,” commented the Defense Secretary Ash Carter.
According to the Reuters, the participants are US citizens and were submitted to background checks before being accepted to the Hack the Pentagon program, this is the principal difference with a common bug bounty initiative.
The program is being led by the DoD Defense Digital Service, which is a small team of engineers and experts, set up in November 2015, meant to “improve the Department’s technological agility and solve its most complex ITproblems.”
Now the white hacker crew has shared the result of its activity, they have found more than 100 vulnerabilities in Pentagon infrastructure under the bug bounty program. Not so bad if we consider that a threat actor like a foreign government could exploit such kind of flaws to compromise Government networks.
In some cases, the hackers have been rewarded up to $US15,000 for disclosures of the worst vulnerabilities.
Highly-sensitive components in the Pentagon infrastructure were not tested by the white hackers recruited by the Government.
The US Defense Secretary Ashton Carter told the Defense One conference in Washington DC that the Hack the Pentagon initiative has dropped the cost of vulnerability discovery and of course allowed improving the security of Government infrastructure.
“They are helping us to be more secure at a fraction of the cost,” Carter said. “And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters.”
“Why hasn’t anybody in the federal government done that?” “There’s not a really good answer to that, right? It’s a pretty successful thing.”
The Secretary Carter also announced the IT giants will join their efforts in order to support the Pentagon in improving the cyber security of its infrastructure.
“We’ve got some additional amazing innovators lined up, so stay tuned there also for who else will be joining,” he said.
Cybersecurity is a primary goal for the US Government, its infrastructures are under unceasing attacks of hackers and nation-state hackers, let’s think for example to the hack of the Office of Personnel Management systems that resulted in the stolen records of 21.5 million current and former government employees.