The Pentagon is one of the best protected places on earth, both physically and digitally, and large sums are spent each year to keep the place as secure as possible.
Over the coming weeks, the U.S. Department of Defense wants to invest in its security in an unusual fashion: by paying hackers who manage to break into official government websites.
Meet the "Hack the Pentagon" pilot program, which runs between April 18 and May 12, allowing hackers to attack specific Department of Defense public websites in an effort to locate and highlight cybersecurity weaknesses.
Officials from the U.S. DoD reassure the public that "mission-facing" computer systems will not take part in the experiment. This means that PCs that control the nukes and anti-terrorist cells are safe.
To incentivize the best morally ambiguous coders to hack into the Pentagon's websites, authorities offer up to $150,000 to those who expose critical security liabilities. News about the program surfaced in early March, but at the time no specific sum was on the table.
There is a catch, though: those who want to join in the program need to pass a background check and meet a tight series of criteria. For example, those coming from countries which the U.S. embargoed are not eligible.
Better Late Than Never
Such pilot programs are commonplace in the tech industry, as big companies often organize "bug bounties" to boost cybersecurity. However, it is a first for the U.S. government to deploy a public program of this sort.
Websites that are run by the DoD get harassed or blatantly attacked in huge numbers. For example, 2012 registered 4 billion visits, a quarter of which were detected to have malicious purposes. That amounts to 1 billion attacks on only a few websites, and the hackers' activity has intensified over the last four years.
Katie Moussouris is one consultant who worked closely with the Pentagon to implement the bug bounty.
"Before this pilot, there was really no legal way for a hacker to report [security flaws] to the U.S. government," she says.
One area where Moussouris thinks the bug bounty will help is in narrowing the gap between the federal authorities and the tech community. The two entities were at odds after the Snowden leaks, and the recent FBI vs. Apple case does little to increase the fondness between the two groups.
In 2015, an attack on the U.S. Office of Personnel Management was unveiled, and the results were dismaying: the hackers managed to steal personnel data on a few million U.S. federal employees.
Mikko Hypponen, the chief research officer at F-Secure, warns that concentrated digital attacks on infrastructure are no longer just the stuff of sci-fi movies. This was proven by a series of strikes that caused power outages in Ukraine. The attacks were purported to originate from Russia.
"Cyber warfare and cyberattacks are not just theory," Hypponen notes.
He points out that the United States is one of the most technologized countries in the world, and as such, it makes itself vulnerable.
"You want the hackers to be on your side. You want to work with them," he explains.
We are happy to see that the Pentagon is finally acting on the security experts' advice and taking proactive measures to ensure the country's security.