
Army announces bug bounty program


That old Army slogan, "We Want You!" is taking on a new form. Now, the Army is saying, "We Want You -- to Hack Us!"

A few months after the Pentagon wrapped up its first bug bounty program, the Army, in coordination with the Defense Digital Service, is following suit with a newly announced "Hack the Army" program.

"What Hack the Pentagon validated is that there are large numbers of technologists and innovators who want to make a contribution to our nation's security but lack an avenue to do so," said Army Secretary Eric Fanning when announcing the new initiative in Austin, Texas, on Nov. 11.

Fanning said that these bug bounty programs give white hat hackers the opportunity to help make DOD's, and now the Army's, digital systems more secure.

The Army will reveal the sites available to be hacked by participants in the coming weeks. Fanning said to expect the challenge to involve public-facing recruiting sites that contain dynamic data, rather than the static data sites that were hacked in the DOD bounty program.

"This is dynamic content, this is where we're gathering personal information from people who want to join the Army and people who are in the Army, and we want to make sure that that information is secure," said Fanning.

"These assets have deep ties to the Army's core operations, [and] as Secretary of the Army, the security of these foundational systems is incredibly important to me," Fanning added.

"There are people all over the world that are trying to get access to our sites, our data, our information, and we have a very well trained, incredibly capable team in the military, in the Department of Defense, but it's not enough," said Fanning. "The more different sets of eyes, more different teams…that we can bring to this problem, the more secure we're going to feel about our information."

Another change from the DOD bounty program is that Hack the Army will be open to members of the military -- active and reserve components -- as well as government civilians. The DOD program was open only to private civilians who passed through a security clearance.

Like its DOD predecessor, the Army bounty is being administered in partnership with HackerOne. The Hack the Pentagon competition attracted some 1,400 participants who generated more than 1,000 vulnerability reports -- 138 were resolved and the hackers received tens of thousands of dollars of prize money in return.

Fanning said that the Army bug bounty is part of the broader effort to make it easier for private industry to do business with the Pentagon.

"We recognize that we can't continue to do business the way that we are and that we're not agile enough to keep up with a number of things in the tech world," said Fanning.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

