Pentagon: Looking for a Few Good Hackers
WHISTLEBLOWING - SURVEILLANCE, 5 Dec 2016
28 Nov 2016 – In June 2015, the Office of Personnel Management announced that foreign hackers had stolen the personnel records of millions of federal employees, one of the most damaging cyberattacks in history. Just weeks later, the office of the Joint Chiefs of Staff shut down its unclassified email system for several days after officials detected that it had been breached.
These serious intrusions came months after a group affiliated with the Islamic State briefly commandeered the Central Command’s Twitter account and rebranded it as the “Cyber Caliphate.”
Given the enormity of the problem, one of the responses by the Department of Defense might seem befuddling. It has asked hackers willing to play by strict rules to find vulnerabilities in some of the Pentagon’s unclassified computer systems.
Well-intentioned computer security experts routinely scan the internet in search of vulnerabilities, which they often map out and report. Until now, doing that on Pentagon sites carried the considerable legal risk of running afoul of the Computer Fraud and Abuse Act.
“Hack the Pentagon” kicked off in April with a monthlong trial program that attracted 1,400 so-called white hackers to fiddle with Department of Defense websites on the hunt for weak points that could be exploited to steal data or jam systems. Those hackers spotted 138 weaknesses, according to the Pentagon, and were paid $75,000 in rewards.
Encouraged by the results, the Defense Department last week announced a formal policy permitting outside computer experts to test for vulnerabilities in the system and report them to the department. Secretary of Defense Ashton Carter called the initiative “a ‘see something, say something’ policy for the digital domain.” Those hackers won’t be paid for their reports, but officials hope they will do it out of a sense of duty.
In addition, the department has started “Hack the Army,” a program asking hackers who have been approved by the government to test the Army’s recruiting websites for weaknesses.
While these efforts represent just one aspect of the federal government’s effort to protect secret data more rigorously, Mr. Carter deserves credit for championing an unconventional approach.
“Hack the Pentagon” and “Hack the Army” allow defense officials to draw from a talent pool that includes people who would not ordinarily feel at home in the military’s hierarchical culture. It may well turn into an unconventional recruitment pipeline for an organization that always benefits from outside perspectives and carefully calibrated disruption.
A version of this editorial appears in print on November 28, 2016, on page A20 of the New York edition with the headline: Pentagon: Looking for a Few Good Hackers.