National Security

Cyber Experts Can Hack The Pentagon Legally, With Some Exceptions

[Shutterstock - Andrey Armyagov]

Daily Caller News Foundation logo
Russ Read Pentagon/Foreign Policy Reporter

The Pentagon announced a new policy Monday that will give cyber security researchers a legal pathway to hack the Department of Defense.

The Department of Defense Vulnerability Disclosure Policy provides clear guidelines for researchers to discover vulnerabilities in the Pentagon’s public-facing systems, such as the DoD website itself. Previously, cyber security experts (sometimes known as “white hat” hackers) would have to be directly contracted or directed by the Pentagon to discover bugs.

“The Vulnerability Disclosure Policy is a ‘see something, say something’ policy for the digital domain,” said Secretary of Defense Ash Carter in a statement announcing the new policy. “We want to encourage computer security researchers to help us improve our defenses. This policy gives them a legal pathway to bolster the department’s cybersecurity and ultimately the nation’s security.”

The new policy is a result of the successful “Hack the Pentagon” contest which awarded bounties to vetted hackers who discovered vulnerabilities in the Pentagon’s systems in June. Defense officials paid out $100 to $15,000 for each vulnerability discovered by the 138 bounty winners.

The Pentagon followed up the successful contest by opening registration for “Hack the Army” Monday.

Hackers who wish to submit a bug report to the Pentagon under the new policy have to follow some key guidelines, such as ensuring they do not exploit the vulnerability to gain access to sensitive DoD information or intentionally compromise its systems. In exchange, the DoD will investigate each report and work with the hacker to fix the problem. The Pentagon will also give public recognition to the hacker, should they desire it.

Carter prioritized building relationships with the private cybersecurity sector during his tenure at the Pentagon. He made several trips to Silicon Valley and promoted outreach programs like “Hack the Pentagon” in order to build key relationships with cybersecurity firms. It is unclear if President-elect Trump will continue Carter’s legacy, but he did campaign on improving the security of U.S. computer networks and cyber capabilities.

Follow Russ Read on Twitter

Send tips to russ@dailycallernewsfoundation.org.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.