Armed Forces News

The Pentagon extended contracts to three Silicon Valley firms, with the intent of expanding its “Hack the Pentagon” program. The contract holders will probe the Defense Department’s cyber systems, in search of security weaknesses that could be discovered and exploited by enemies.
“Hack the Pentagon” began in 2016 as the first program of its kind within the federal government. Since then, so-called “ethical” hackers have revealed more than 8,000 potential vulnerabilities in the department’s computer systems.
Under the new initiative, contractors will run two separate “bug bounty assessments.” One involves how DoD’s public sites and applications could be affected, while the other focuses on internal systems and the sensitive information they contain.
The Pentagon announcement stated that the three companies – Bugcrowd, HackerOne, and Synack – bring “a wide variety of expertise and technical specialization as security assessments scale in type and complexity. The contract will enable vetted hackers to simulate real and insider threats to certain systems, bringing in valuable new security perspectives to emulate combat adversaries and mitigate risk.”
The Defense Digital Service (DDS), an internal agency, will continue to oversee the project and work alongside other federal agencies to foster greater cyber security. The practice is similar to that used in industry by major technology firms.