
Army announces bug bounty program


That old Army slogan, "We Want You!" is taking on a new form. Now, the Army is saying, "We Want You -- to Hack Us!"

A few months after the Pentagon wrapped up its first bug bounty program, the Army, in coordination with the Defense Digital Service, is following suit with a newly announced "Hack the Army" program.

"What Hack the Pentagon validated is that there are large numbers of technologists and innovators who want to make a contribution to our nation's security but lack an avenue to do so," said Army Secretary Eric Fanning when announcing the new initiative in Austin, Texas, on Nov. 11.

Fanning said that these bug bounty programs give white hat hackers the opportunity to help make the DOD's and now the Army's digital systems more secure.

In the coming weeks, the Army will reveal the sites available for participants to hack. Fanning said to expect the challenge to involve public-facing recruiting sites that contain dynamic data, rather than the static data sites that were hacked in the DOD bounty program.

"This is dynamic content, this is where we're gathering personal information from people who want to join the Army and people who are in the Army, and we want to make sure that that information is secure," said Fanning.

"These assets have deep ties to the Army's core operations, [and] as Secretary of the Army, the security of these foundational systems is incredibly important to me," Fanning added.

"There are people all over the world that are trying to get access to our sites, our data, our information, and we have a very well trained, incredibly capable team in the military, in the Department of Defense, but it's not enough," said Fanning. "The more different sets of eyes, more different teams…that we can bring to this problem, the more secure we're going to feel about our information."

Another change from the DOD bounty program is that Hack the Army will be open to members of the military -- active and reserve components -- as well as government civilians. The DOD program was open only to private civilians who passed through a security clearance.

Like its DOD predecessor, the Army bounty is being administered in partnership with HackerOne. The Hack the Pentagon competition attracted some 1,400 participants, who generated more than 1,000 vulnerability reports; 138 were resolved, and the hackers received tens of thousands of dollars in prize money in return.

Fanning said that the Army bug bounty is part of the broader effort to make it easier for private industry to do business with the Pentagon.

"We recognize that we can't continue to do business the way that we are and that we're not agile enough to keep up with a number of things in the tech world," said Fanning.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

