UNCLE SAM WANTS YOU … TO HACK THE U.S. ARMY

unclesamwants

Computer geeks and hardcore gamers across the world will be clamoring to get their hands on a copy of Ubisoft Entertainment SA’s latest release Watch Dogs 2. In the game, players can simulate real world hacking attacks from the safety of their living rooms.

However, this holiday season there may be a better alternative to fictional video game kicks. The U.S. Department of Defense (DoD), along with big bounty platform HackerOne Inc., Nov. 21 launched the Hack the Army program. Bug bounty programs pay cash rewards to security researchers and white hat hackers that discover software vulnerabilities through approved methods.  

The Hack the Army program comes on the heels of the previous Hack the Pentagon program— also hosted on the HackerOne platform. This first bug bounty program in U.S. government history awarded white hat hackers with individual payouts ranging from $100 to $15,000 for discovering cybersecurity vulnerabilities.  

Alex Rice, chief technology officer and cofounder of HackerOne, told Bloomberg BNA that the government’s first foray into a bug bounties through the Hack the Pentagon program “exceeded expectations.” The pilot program was “significantly more effective than traditional security testing methods,” he said. The Hack the Army program “will expand upon the success of the pilot” and will further disclose vulnerabilities to help secure U.S. national cybersecurity infrastructure, he said.

The Hack the Army bug bounty program is part of a larger Department of Defense initiative that “provides a legal avenue for security researches to find and disclose vulnerabilities in any DoD public-facing systems,” DoD officials said in a statement. The DoD’s “Vulnerability Discolsoure Policy is a ‘see something, say something’ policy for the digital domain,” Secretary Ash Carter said in a Nov. 21 statement. The DoD wants to “encourage computer security researchers to help” improve U.S. cybersecurity infrastructure, Carter said.

Those concerned that opening up a hacking bonanza for nefarious actors may rest easy. Rice said that “criminals are always out there and they don’t wait for an invitation” and this is especially true for the DoD. By “inviting external white hat hackers to tell you where your systems are most vulnerable is a widespread best practice for improving security,” he said. 

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.