Hackers contracted by the Defense Department to test the security of its less-sensitive computer systems have found more than 100 vulnerabilities, the Pentagon admitted.
The “Hack the Pentagon” program has exceeded expectations, with 1,400 certified hackers helping find unnoticed security issues in the DoD’s networks, Defense Secretary Ashton Carter said at a Washington, DC tech forum on Friday.
The Defense Department had said previously that it planned to award bounties of up to $15,000 to individuals who could find security flaws in Pentagon systems, so they could be fixed before bad actors exploit them. “They are helping us to be more secure at a fraction of the cost,” Carter said Friday. “And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters.”
Individuals who have passed a vetting process would engage in a “controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system,” Carter said in March, when the program was launched. Critical and highly-sensitive Pentagon networks, however, remained off-limits to these helpful hackers.
The Pentagon took a cue from Silicon Valley giants like Facebook, Microsoft and Google, who have been putting out millions of dollars in similar bounties for years. “Why hasn’t anybody in the federal government done that?” Mr. Carter said at Friday’s event. “There’s not a really good answer to that, right? It’s a pretty successful thing.”
Back in March, the Pentagon created the Defense Innovation Advisory for the purpose of keeping the Defense Department’s bureaucracy in step with the private sector. The group is being led by Eric Schmidt, the chairman of Alphabet, Google’s parent company.
Secretary Carter announced in his Friday address that more industry leaders have been added to the board to help the Pentagon, including LinkedIn founder Reid Hoffman. More experts are expected to be added to the board in the future. “We’ve got some additional amazing innovators lined up, so stay tuned there also for who else will be joining,” he said.
The issue of cyber security in federal agencies has come to the forefront in recent years, thanks to attacks being carried out on government networks. Last year, the Office of Personnel Management suffered a hack that resulted in the theft of the records of 21.5 million current and former government employees, marking one of the largest breaches of government data in US history.