17:55 GMT04 July 2020
Listen Live
    Military & Intelligence
    Get short URL

    Defense officials aim to simulate cyberattacks through exercises with world’s hackers

    On Wednesday, Pentagon officials announced a new program offering financial incentives to white hat hackers who attack Department of Defense websites, calling the program “bug bounty.”

    The program, set to begin in April, calls for the Pentagon to select a group of hackers, give them Defense Department targets, and ask them to inflict as much damage as possible. As part of the program, the hackers would report findings to the DoD, identifying cybersecurity gaps as well as possible patches, to ensure future protection against cyberterrorism.

    Secretary of Defense Ashton Carter welcomed the plan, saying “I am always challenging our people to think outside the five-sided box that is the Pentagon.” He said that “inviting responsible hackers to test our cybersecurity certainly is in keeping with that imperative.” Carter believes the “innovative initiative will strengthen our digital defense enhancing US national security.”

    Similar “bug bounty” programs have proliferated in recent years inside the private tech sector. The BugCrowd.com website provides a list of over 470 companies that employ competitive hackers, including tech giants Google, Microsoft, PayPal, and Yahoo.

    One Pentagon office downplayed any risks associated with the novel ploy, arguing “Nobody who is a ‘bad guy’ is waiting around for us to introduce a bug bounty to go after a DoD effort. They’re not waiting. They’re doing it now.” In calling for the imperative, the official noted, “We’re constantly under attack already. I can’t possibly emphasize that any more. Just like we have warfighters that are constantly under attack, our networks are constantly being attacked here.”

    Defense Secretary Carter supported the need for simulating cyberattacks by emulating the tech sector’s favored security ploy. “This is a best practice. We should be doing this. We should be thinking of this throughout the entire development of any new technology or product service that we offer within the DoD.

    The question remains: Is the Pentagon seeking a novel way to detect and correct a flawed cybersecurity system, or will they pay hacktivists to embarrass them on the world stage? We’ll find out in April.


    Pentagon Invites Vetted Hackers to Test US Military’s Public Websites
    IRS Says Hackers Targeted More Taxpayer Accounts Than Previously Revealed
    Hackers Exposed by Russian Police Infiltrated World's Payment Systems
    NASA Denies Claims That Hackers Seized Control of Their $200M Drone
    Cyberwarfare, cybersecurity, cyberattack, virus, hackathon, HackingDemocracy, Hacking, Hackers, hacker attack, Hacker, Bug Bounty, PayPal, Yahoo, Microsoft, Google, US Department of Defense (DoD), Pentagon, Ashton Carter, United States
    Community standardsDiscussion