The Pentagon is ready to be hacked, and it can’t wait to give hackers its money in return.
Pentagon press secretary Peter Cook announced that the department is now accepting registrations for those interested in participating in its “Hack the Pentagon” initiative, announced earlier this month by Secretary of Defense Ash Carter.
“Bug Bounty” programs like this one are commonplace in Silicon Valley, but this initiative is the first of its kind for a government entity. Individuals who take part in the program will be invited to attack public-facing, non-classified websites, such as the Defense.gov homepage, to identify weaknesses that adversarial nations could exploit with cyber attacks.
In exchange for turning over details of the vulnerabilities, participants will be eligible for financial rewards. The news release did not set the individual payment numbers, but said awards will be drawn from $150,000 in funding set aside for the program.
DoD has teamed with HackerOne, described in a news release as “a reputable Bug Bounty-as-a-service firm based out of Silicon Valley,” to manage the pilot program. The bounty pilot will start on Monday, April 18 and end by Thursday, May 12, with qualifying bounties issued by HackerOne no later than Friday, June 10.
The Pentagon official previously said the program hopes to attract “thousands” of individuals to take part in the program, although restrictions do exist on who can participate: eligible participants must be US citizens and not be on a Treasury department watchlist that tracks ties to terrorism or drug trafficking. And those who are successful in hacking the department must undergo a basic criminal background screening to collect their payment.
