Hacking the Pentagon could earn you some cash

A pilot program aims to help the US Defense Department beef up its networks by finding any vulnerabilities that could be exploited.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
2 min read

The Pentagon wants people to hack into some of its sites to test its cyber defenses.


Think you could hack your way into the Pentagon? A new competition will challenge qualified security pros to do just that.

A project known as "Hack the Pentagon" will dare vetted hackers to break into some public websites of the US Department of Defense as a way of testing the security of those sites, the DOD announced on Wednesday. Part of a pilot program, the initiative will be the first "cyber bug bounty" offered by the US government.

The challenge borrows the bug bounty concept from the private sector. Many companies offer money and other rewards to hackers who discover bugs and security flaws that could put users at risk. Facebook, for example, said it paid $936,000 to 210 researchers in 2015 who disclosed bugs.

Due to launch in April, the government's bug bounty pilot will be the first in a series of programs aimed at hunting down weaknesses in the DOD's applications, networks and websites, according to the DOD.

Cyberattacks have been a growing problem for the US in recent years with hackers breaking into key government sites, including the Pentagon. As hackers use more sophisticated methods, the US needs to find more innovative ways to shore up its cybersecurity defenses to protect critical information from falling into the hands of terrorists, rogue nations and other unfriendly parties.

In August of 2015, Russian hackers were blamed for a cyberattack against the Pentagon that took the Joint Staff's unclassified email system offline, affecting around 4,000 mostly military personnel, CBS News reported at the time. Last June, a cyberattack launched against the US government's personnel office compromised the data of up to 4 million current and former federal employees. The same month, a separate attack blamed on Chinese hackers gained access to highly sensitive documents used to vet federal employees for security clearance.

The pilot program isn't open to just anyone. Hackers and researchers will have to register and submit to a background check. The program itself will be limited to only certain websites. Networks that are part of mission-critical systems will be off limits. Participants could be in store for financial rewards along with recognition of their achievement, said the department.

The challenge is consistent with the White House's Cyber National Action Plan. Unveiled by the Obama administration in February, this plan will pour more than $19 billion into cybersecurity in an attempt to better defend the government, the private sector and American citizens from cyberthreats.