Bug Catchers
DOD hearts hackers
In March, the Department of Defense issued an official invitation to "hack the Pentagon." In a bid to improve security, and mimicking a longstanding practice in private industry, the military invited hackers to find vulnerabilities in the 488 websites it currently runs.
The program is the brainchild of the Defense Digital Service, an office that's supposed to bring youth, engineering expertise, and tech savvy to the feds' kludgy bureaucracy. "I am always challenging our people to think outside the five-sided box that is the Pentagon," said Secretary of Defense Ash Carter in a press release. "Inviting responsible hackers to test our cybersecurity certainly meets that test."
But political concerns have altered the program in ways that are likely to decrease its effectiveness. Only "verified hackers" will be allowed to participate, and they'll have to pass a background check and register with the government—something the best and brightest in the field might be reluctant to do, for obvious reasons. The Defense Department will also provide participants with access to "predetermined department systems" for a "controlled, limited duration," further reducing the probability the program will catch a real security vulnerability.
The pilot program is part of a broader response to recent incursions on federal digital security, including last year's breach in the United States Office of Personnel Management, which compromised the private information of 21.5 million government employees. Less than a month before the new program was announced, an unknown hacker posted a list of nearly 20,000 FBI agents and 9,000 Department of Homeland Security officers online.
This article originally appeared in print under the headline "Bug Catchers."
That is one of the dumbest things I have ever read. No real hackers will ever contact them. What they will attract is a slew of dumbasses that think they are hackers.