DIG IT AWARD FINALIST: CYBERSECURITY
Hacking the Pentagon for patriotism and profit
The Defense Digital Service is charged with using private-sector talent and best practices to improve critical Defense Department systems -- and hopefully modernize DOD’s IT mindset in the process. Hack the Pentagon, a bug-bounty program that was tested this past spring, did both.
DOD partnered with HackerOne, a San Francisco-based bug-bounty management startup. More than 1,400 hackers signed up, and the first bug was reported just 13 minutes after the program began. In all, 138 bounties were paid for confirmed vulnerabilities in the five sites that were tested. Individual bounties ranged from $100 to $15,000, depending on the severity of the bug discovered.
The cost of the pilot was approximately $150,000, and Pentagon officials estimated that a traditional security audit to discover those same holes would have cost $1 million. Arguably more important than the money, however, was the policy and planning work to make a government bug-bounty program feasible.
“We spent a tremendous amount of time with our legal team and all of the stakeholders across the departments to make sure that we defined our rules and restrictions down to a T," said Lisa Wiswell, the Defense Digital Service’s digital security lead. "You have to make sure that you tell folks what they can do and, almost even more importantly, what they cannot do."
DOD is now working on a permanent bug-bounty program and issued a request for proposals in August. Other agencies, meanwhile, are looking to the Defense Digital Service for advice on developing programs of their own.
Troy K. Schneider is editor-in-chief of FCW and GCN.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.