The Defense Department’s “Hack the Pentagon” pilot program has officially kicked off and is accepting applicants, the department said Thursday.
Earlier this month, Defense Secretary Ashton Carter announced on a trip to Silicon Valley that the department planned to start a new “bug bounty” program that would allow hackers to find security vulnerabilities within selected official websites (Defense Daily, March 2). Although companies such as Apple [AAPL] and Tesla Motors [TSLA] regularly use such programs to root out bad code in their products, no federal government department or agency has ever employed crowdsourcing to help improve cybersecurity.
HackerOne, a Silicon Valley-based firm that offers bug bounty services, was chosen by the department to run the program, according to a statement by Pentagon Press Secretary Peter Cook. On the government side, Defense Digital Service, a Pentagon team of experts founded to help solve tech problems, will lead the effort.
HackerOne has already set up a registration website for potential participants, who must be U.S. citizens or permanent residents. Hackers interested in signing up for the program will have to undergo a criminal background check and must not be on the Treasury Department’s Specially Designated Nationals list of individuals involved with terrorism, drug trafficking or other crimes.
“This initiative will put the department’s cybersecurity to the test in an innovative but responsible way,” said Carter. “I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot.”
The program will start on April 18 and end May 12. The department has not yet announced which websites will be targeted as part of the program, but officials have said they will be public-facing and not mission-critical. Hackers will not be aiming to find vulnerabilities in weapon systems, secure or classified websites and networks, or any site that hosts personally identifiable information.
Cook said the bounty payments “will depend on a number of factors, but will come from $150,000 in funding for the program.” HackerOne will be responsible for issuing bounties by June 10.