Hacking the Pentagon for patriotism and profit

DIG IT AWARD FINALIST: CYBERSECURITY

The Defense Digital Service is charged with using private-sector talent and best practices to improve critical Defense Department systems -- and hopefully modernize DOD’s IT mindset in the process. Hack the Pentagon, a bug-bounty program that was tested this past spring, did both.

Dig IT Award Finalists

The GCN Dig IT Awards celebrate discovery and innovation in government IT.

There are 36 finalists this year. Each will be profiled in the coming days, and the winners for each category will be announced at the Oct. 13 Dig IT Awards gala.

See the full list of 2016 Dig IT Award Finalists

DOD partnered with HackerOne, a San Francisco-based bug-bounty management startup. More than 1,400 hackers signed up, and the first bug was reported just 13 minutes after the program began. In all, 138 bounties were paid for confirmed vulnerabilities in the five sites that were tested. Individual bounties ranged from $100 to $15,000, depending on the severity of the bug discovered.

The cost of the pilot was approximately $150,000, and Pentagon officials estimated that a traditional security audit to discover those same holes would have cost $1 million. Arguably more important than the money, however, was the policy and planning work to make a government bug-bounty program feasible.

“We spent a tremendous amount of time with our legal team and all of the stakeholders across the departments to make sure that we defined our rules and restrictions down to a T,” said Lisa Wiswell, the Defense Digital Service’s digital security lead. “You have to make sure that you tell folks what they can do and, almost even more importantly, what they cannot do.”

DOD is now working on a permanent bug-bounty program and issued a request for proposals in August. Other agencies, meanwhile, are looking to the Defense Digital Service for advice on developing programs of their own.

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
