US government invites people to ‘Hack the Pentagon’
One of the best things that an agency can do to improve its cybersecurity programs is to test its current systems for areas of weakness. After all, how can staff improve something if they don't know where it's broken?
The U.S. Department of Defense intends to take that concept to a whole new level next month by inviting vetted hackers to try and break into some of the nation's most important government data bases. The event, called "Hack the Pentagon," will have a pilot launch in April.
Testing the strength of government cybersecurity
The federal U.S. government announced plans earlier this year to advance the security measures of technology across all sectors and for all agencies, including the request for billions of dollars in funding and the creation of the Commission on Enhancing National Cybersecurity. Upgrading to new security measures and retiring old technologies will play a major role in improving technical defenses across the country.
Risk assessment is also a critical part of cybersecurity measures, which is why this Hack the Pentagon plan is being pushed through. According to a statement released by the Department of Defense, the announced "bug bounty program" is the first of its kind in national history.
Technical experts from outside of the government can apply for an opportunity to take part in this pilot program. The exact specifications for participation have not yet been released.
"Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country," said Chris Lynch, director for the Defense Digital Service and a technology entrepreneur.
As NPR reports, sensitive materials will not be open during the hacking session. Only specific systems will be part of the pilot program, and only approved and verified hackers will be given a chance to try and break in. The DoD intends to take the information gathered during this pilot program to help develop more robust security measures across all cybersystems.
The risks of data breaches
Data breaches can have devastating effects on the agencies they target. When it comes to cyberattacks on government groups, the effects can be widespread and could threaten the foundations of national security.
One of the reasons for testing the effectiveness of the Pentagon's cyberdefense systems is because of the critical and confidential information that agency holds. It's also an agency that has already faced attack. According to the New York Times, the federal government accused China of conducting a series of cyberattacks to gain information on vital industrial technology.
IT Web Security reported that government data breaches were the No. 1 source of stolen personal data, according to research conducted by Gemalto. Hundreds of thousands of records have been stolen in recent years from the Internal Revenue Service and the Office of Personnel Management.
"Outside help can expose areas of weakness."
Hiring risks assessors for other agencies
For government agencies that don't have the resources or time to vet private citizens for controlled data hacks, hiring industry IT professionals to test for weaknesses in a database is crucial for improving cybersecurity. While many companies and government groups already have technical experts on staff to help create, implement and manage these systems, hiring trusted and pre-vetted outside help can expose areas of weakness that are hard to catch from the inside. Leaving all cybersecurity measures to a handful of internal employees can create blind spots that are easier to see from outside of the day-to-day management teams.
Another benefit of using IT companies to perform these risk assessments is that they have cross-departmental training that can bring new ideas to any agency. While the tech team at a specific agency may be well-versed in the operations that take place there, another cybersecurity team may be able to introduce new plans that have been successful for other groups. It's a great way for any agency to reassess its current operations and how it can improve in the future.