January 27, 2017 // Ellen Neveux
Last Updated: June 22, 2021
Within five minutes of program launch, a bug bounty campaign targeting the U.S. Army located a vulnerability. How would your network stack up to being hacked?
In April 2016, the United States Department of Defense (DoD) initiated a bug bounty program titled “Hack the Pentagon.” Over the course of just over one month, 250 participants submitted reports. Of those, 138 issues were identified as “unique and eligible for a bounty.” The pilot program offered an ethical opportunity for the DoD to build relationships with skilled cyber specialists with an interest in helping the government and earning money at the same time.
Using data gleaned from the program, the DoD contracted with cybersecurity firm HackerOne to respond to the vulnerabilities.
In November, the DoD launched the second installment of its bug bounty program, called “Hack the Army.” Running just under a month, the program was open to eligible personnel.
Bug bounty programs
Just as successful as its predecessor program, Hack the Army involved 371 invited and eligible participants. Of more than 400 reports submitted, 118 were identified as needing a fix. Bounties paid on the reports were around $100k.
The bug bounty programs of the U.S. military allow the agency to engage expert talent to which it would otherwise not have access. As Defense Secretary Ash Carter noted about the $150,000 paid out for Hack the Pentagon, “It’s not a small sum, but if we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million.”
Be sure your network is secure
In a government or any regulated industry, secure remote access is critical. Ethical penetration techniques, like those used by the Pentagon, reveal security gaps and help avoid real-time exploits.
For government and business interests, attempts at criminal cyber intrusion are on the increase. For compliance-minded businesses, vulnerability is determined by the security protocols of each partner in a network chain.
As Chris Lynch, the head of the Defense Digital Service of the U.S. Army, notes, “There are people all over the world that are trying to get access to our systems, our data, and our information for malicious purposes.” Just as the military takes proactive steps to reduce network vulnerability, now is a good time to assess your network's strengths and weaknesses.
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink Enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy and efficient, ensures compliance, and reduces liability when supporting customers.