'Hack the Pentagon' cybersecurity test launched by U.S. Defense Department

The Pentagon said on Wednesday it would invite vetted outside hackers to test the cybersecurity of some public U.S. Defense Department websites as part of a pilot project next month, in the first-ever such program offered by the federal government.

Participants must be U.S. citizens and will have to register and submit to a background check

Thomson Reuters Posted: Mar 02, 2016 10:39 AM EST | Last Updated: March 2, 2016

'I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security,' Defense Secretary Ash Carter said in a statement unveiling the pilot program. (Yuri Gripas/Reuters)

The Pentagon said onWednesday it would invite vetted outside hackers to test thecybersecurity of some public U.S. Defense Department websites aspart of a pilot project next month, in the first-ever suchprogram offered by the federal government.

"Hack the Pentagon" is modeled after similar competitionsknown as "bug bounties" that are conducted by big U.S.
companies, including United Continental Holdings Inc todiscover gaps in the security of their networks.

Such programs allow cyber experts to find and identifyproblems before malicious hackers can exploit them, saving moneyand time in the event of damaging network breaches.

"I am confident that this innovative initiative willstrengthen our digital defenses and ultimately enhance ournational security," Defense Secretary Ash Carter said in astatement unveiling the pilot program.

One senior defense official said thousands of qualifiedparticipants were expected to join the initiative. Details and
rules were still being worked out but the competition couldinvolve monetary awards, the Pentagon said.

The Pentagon has long tested its own networks using internalso-called "red teams," but this initiative would open at leastsome of the department's vast network of computer systems tocyber challenges from across industry and academia.

Participants must be U.S. citizens and will have to registerand submit to a background check before being turned loose on apredetermined public-facing computer system, the Pentagon said.It said other more sensitive networks or key weapons programswould not be included, at least initially.

"The goal is not to comprise any aspect of our criticalsystems, but to still challenge our cybersecurity in a new and
innovative way," said the official.

The initiative is being led by the Pentagon's DefenseDigital Service (DDS), which was set up last November to bring
experts from the U.S. technology industry into the military forshort stints.

"Bringing in the best talent, technology and processes fromthe private sector ... helps us deliver comprehensive, more
secure solutions to the DOD," said Chris Lynch, a formerMicrosoft executive and technology entrepreneur who heads DDS.

Carter introduced Lynch during a speech to the CommonwealthClub on Tuesday and said he had already recruited coders fromcompanies like Google and Shopify for aPentagon "tour of duty."

CBC's Journalistic Standards and Practices|About CBC News

Corrections and clarifications|Submit a news tip|