It’s Time to Hack the Pentagon Again

The United States Department of Defense (DOD) is ramping up its third effort to let white-hat hackers take a shot at finding vulnerabilities in the Pentagon’s cyber defenses.  Identified vulnerabilities come with a cash award, making this really the only time a government is going to compensate you for hacking them rather than coming to your door with a set of handcuffs.

Given that we’re talking about the technology that runs the largest military in the world, this isn’t just a free-for-all of access and hacking.  The two previous hackathons, which are known as “Hack the Pentagon,” were run in conjunction with outside vendors: a company called HackerOne for the first round back in 2016, and additionally Synack and Bugcrowd for the 2018 hacks.

The first hacks focused on the DOD’s public websites, but this time around, the government is letting hackers in a bit further.  Hack the Pentagon 3.0 will dive into the Facilities Related Control System network.  Rather than being able to access data or temporarily take down a website, the hackers will be trying to get into the systems that control mechanical operations such as heating and cooling.

The hacking will take place in person over the course of 72 hours, and obviously hackers won’t have access to any classified data, but it’s still quite noteworthy that they’re being invited on-site at all.  Government defense groups across the world can be quite stingy with what they’ll share about their operations, so exposing these systems creates risk, no matter how well you vet those you’re inviting in.

I’m sure it could be argued that the DOD is one of the top targets in the world for hackers, which means that if vulnerabilities exist within their systems, someone will find them sooner or later.  By inviting thousands of new perspectives on how to break their systems, the DOD becomes less insular and better able to withstand cyberattacks.

State and local governments obviously don’t have the same resources as the best-funded military in the world, but that doesn’t mean there aren’t lessons to be learned.  Since we already know that there are issues hiring for government cybersecurity jobs, it’s going to take some out-of-the-box thinking to be best prepared.  While meeting security standards is a start, it’s a baseline for prevention that can be helped by ideas that seem crazy at first blush, like a hacker consultancy.

Our experience with government agencies is that many of them would rather have their records available online, giving their constituents full access to public records rather than trying to keep them locked up and safe.  The key is that we provide automated redaction tools that ensure that, no matter where your records are kept, any personally identifiable information or otherwise sensitive data is completely eliminated from the document.

If you’d like to learn more about our offerings, send us a note and we’d be happy to schedule an introductory call or show you a demonstration of our software.


About the Author: Chris Mack

Chris is a Marketing Manager at Extract with experience in product development, data analysis, and both traditional and digital marketing.  Chris received his bachelor’s degree in English from Bucknell University and has an MBA from the University of Notre Dame.  A passionate marketer, Chris strives to make complex ideas more accessible to those around him in a compelling way.