​The US Department of Defense searches for hackers to penetrate the Pentagon

The Pentagon is looking for a few good computer hackers in a bid to find and fix security vulnerabilities in its systems.
Written by Asha Barbaschow, Contributor

Screened high-tech specialists will be brought in to try to breach the United States Department of Defense's public internet pages in a pilot program aimed at finding and fixing cybersecurity vulnerabilities.

According to the Pentagon, it is the first time the federal government has undertaken a program with outsiders attempting to breach its networks, with officials saying the department's systems get probed and attacked millions of times a day.

Defense officials laid out the broad outlines of the plan on Wednesday, but had few details on how it will work, what Pentagon systems would be tested, and how the hackers would be compensated.

Called "Hack the Pentagon", the program will begin in April, with department officials and lawyers still working through a number of legal issues involving the authorisation of so-called "white-hat hackers" to breach active defense websites.

Defense Secretary Ash Carter said he will be inviting responsible hackers to test the Pentagon's cybersecurity, saying he believes the program will "strengthen our digital defenses and ultimately enhance our national security".

Officials said the pilot program will involve public networks or websites that do not have any sensitive information or personal employee data on them.

It is being called a bounty program, but it is unclear if the hackers will be paid a flat fee or based on their achievements, or whether they will only be offered the glory and notoriety of breaching the world's greatest military systems.

The new program is being led by the Defense Digital Service (DDS), which was created by Carter in November 2015 as a joint initiative from the White House-led United States Digital Services and the Department of Defense.

Headed by tech entrepreneur Chris Lynch, the DDS is composed of a small team of engineers and digital experts, brought into the Department of Defense on a temporary basis from the private sector to work with senior leaders to improve the department's technological capability and to solve its most complex IT problems.

"I envision that Defense Digital Services will be mostly made up of tech people who come in from the outside for a very short time," program architect and acting Under Secretary of Defense for Personnel and Readiness Brad Carson said at the time.

"It's quite possible that defense employees will work alongside them, but the core of the DDS will be tech workers, tech entrepreneurs -- skilled IT professionals working at America's leading companies."

The key is small groups working discrete problems, he said, noting tech companies today use "agile development" as their mantra, employing small teams that get products designed and in use quickly.

After a report from the Pentagon's chief weapons tester about cyber threats early last year, the defense department revealed in September it was stepping up efforts to protect its networks with a new system to help spot flaws.

At the time it was said the aim of the system was to identify vulnerabilities in the military's networks, weapons systems, and installations so that officials can set priorities for fixing them.

Initially, the idea for the system was for it to identify weaknesses in weapons and networks, but the Pentagon said it wanted to adopt a broader and more detailed scope that would also explore how data moves between branches of the military.

On Tuesday, the Pentagon announced it was building a $615 million IT system to support its new National Background Investigations Bureau.

It was reported that the Department of Defense would soon be approaching the private sector to develop the new background-checking computer system.

The National Background Investigations Bureau will form part of the Office of Personnel Management (OPM) for security clearances.

The OPM -- the federal agency in charge of vetting government workers -- was hit by two breaches last year, exposing the personal information of more than 21 million individuals' records.

Former Google CEO and current Alphabet chairman Eric Schmidt was announced on Wednesday as the head of the Pentagon's newly formed innovation board that aims to help the Department of Defense keep up with current technology.

According to Carter, the innovation board will be comprised of up to 12 people who have successfully led large private and public organisations.

The board, which will not engage in discussion of military operations or strategy, will seek to advise the department on areas that are deeply familiar to Silicon Valley companies, such as rapid prototyping, iterative product development, complex data analysis in business decision making, the use of mobile and cloud applications, and organisational information sharing.

It was also reported last year that the Pentagon had created a cybersecurity exchange program with industry, with the Pentagon's CIO Terry Halvorsen saying it was sending career personnel on tours with private cybersecurity companies and bringing in specialists from those companies to gain the skills necessary to defend military networks from hackers.

"There's not a time when I'm not being attacked somewhere in the world," Halvorsen said in October. "We're looking to industry to help us solve some specific areas."

With AAP

Editorial standards