DoD announces two cybersecurity initiatives
WASHINGTON, D.C. In an effort to draw on the success of last summer's “Hack the Pentagon” bug-bounty pilot -- in which hackers from across the country were given free rein to spot vulnerabilities in specific Department of Defense networks in return for cash payments -- the Department of Defense (DoD) today unveiled two new initiatives designed to further enhance the DoD's cybersecurity position.
The first program, called the DoD Vulnerability Disclosure Policy, gives security researchers clear guidance for testing and disclosing vulnerabilities in DoD websites; it also commits the Department to working openly and in good faith with researchers. “The Vulnerability Disclosure Policy is a ‘see something, say something’ policy for the digital domain,” says Secretary of Defense Ash Carter. “We want to encourage computer security researchers to help us improve our defenses. This policy gives them a legal pathway to bolster the department’s cybersecurity and ultimately the nation’s security.”
Registration is now also open for “Hack the Army,” the next bug-bounty challenge. The competition is modeled after the Defense Digital Service’s "Hack the Pentagon" pilot, but is focused on those websites specifically affecting the Army’s recruiting mission. Secretary of the Army Eric Fanning, when he announced the challenge earlier this month in Austin, Texas, said of the initiative: “We need as many eyes and perspectives on our problem sets as possible and that’s especially true when it comes to securing the Army’s pipeline to future soldiers.”