The U.S. Department of Defense figures the best way to see if its information systems are secure is to test them. How best to do that? Ask to be bombarded, see what gets in. So DoD announced a “Hack the Pentagon” program, paying “vetted hackers” to try to hack its systems and expose vulnerabilities in the process. It’s a digital version of how Samsonite used to test its luggage.
The vetted hackers will be given only “Predetermined Department Systems” to try to hack. DoD is not inviting hackers to dig into its critical systems. (That invitation is an open one.) So the “Hack the Pentagon” program is a little like testing medicine on mice instead of humans — when you later change organisms, what you learned suddenly runs into variables you couldn’t anticipate. But getting the private sector to help expose weaknesses in an almost real-world scenario will surely illuminate various techniques and potential security vulnerabilities. Unvetted hackers, like those who stole and published secure information about more than 20 million federal employees last year, are not eligible to be paid. Someone else will always pay them.