Starting in April, the Pentagon will use external “white hat” hackers to find blips and bugs in the department’s public web pages. In what they’re describing as a pilot program, hackers will be asked to find flaws “in a controlled, limited duration program” in a predetermined department system. Those who are successful will be rewarded with a cash bounty.
The participants must be U.S. citizens and will be subjected to a – no doubt, fairly rigorous – background check beforehand. The Department of Defense said it will be giving out more information on joining up in the coming weeks.
“Bug bounty” programs are not unheard of in the world of online corporations and software developers. Big names such as Facebook, Google, and Reddit constantly use them to weed out any holes in their security systems before a malicious hacker finds them. Since 2011, Facebook has dished out $2 million in bug bounties. In 2013 alone, it reported 687 rewards were given out to hackers for highlighting flaws in its security.
However, this is the first known time the federal government has ever sourced external hackers to do this job.
Explaining their choice to use outsiders to hack their systems, Secretary of Defense Ash Carter said in a statement: “I am always challenging our people to think outside the five-sided box that is the Pentagon.”
He added, “Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”
The move is in line with the Cyber National Action Plan, announced in February, which highlighted a string of short-term and long-term plans to heighten the United States’ cybersecurity.