August 14, 2018 | International, C4ISR
By: Jessie Bur
The Department of Defense kicked off its sixth bug bounty program Aug.12 with Hack the Marine Corps, a challenge focusing on the Corps' public-facing websites and services.
“Hack the Marine Corps allows us to leverage the talents of the global ethical hacker community to take an honest, hard look at our current cybersecurity posture," said Maj.Gen. Matthew Glavy, the head of the U.S. Marine Corps Forces Cyberspace Command, in a news release.
“Our Marines need to operate against the best. What we learn from this program will assist the Marine Corps in improving our war-fighting platform, the Marine Corps Enterprise Network. Working with the ethical hacker community provides us with a large return on investment to identify and mitigate current critical vulnerabilities, reduce attack surfaces and minimize future vulnerabilities. It will make us more combat ready.”
The DoD launched its first bug bounty, Hack the Pentagon, in May 2016, which was considered one of the first major successes for the then-newly minted Defense Digital Service. Since then the DoD has held bug bounties for the Army, the Air Force, the Air Force again and the Defense Travel System.
The combined programs resulted in over 600 resolved vulnerabilities with approximately $500,000 awarded to the ethical hackers participating in the program.
“Information security is a challenge unlike any other for our military. Our adversaries are working to exploit networks and cripple our operations without ever firing a weapon," said Chris Lynch, the director of the Defense Digital Service.
"Sometimes, the best line of defense is a skilled hacker working together with our men and women in uniform to better secure our systems. We're excited to see Hack the Pentagon continue to build momentum and bring together nerds who want to make a difference and help protect our nation.”
Hack the Marine Corps was launched with HackerOne, which partners with the hacker community to help businesses and government conduct bug bounties, and kicked off with a live hacking event coinciding with the Black Hat USA, DefCon and BSides conferences in Las Vegas.
The live hack resulted in 75 unique vulnerability reports and more than $80,000 in awards.
“Success in cybersecurity is about harnessing human ingenuity,” said Marten Mickos, CEO at HackerOne.
“There is no tool, scanner or software that detects critical security vulnerabilities faster or more completely than hackers. The Marine Corps, one of the most secure organizations in the world, is the latest government agency to benefit from diverse hacker perspectives to protect Americans on and off the battlefield.”
The bug bounty program ends Aug. 26.
January 31, 2023 | International, Aerospace
Gen. Chance Saltzman told reporters today he wants space operators to be more involved in shaping plans for future systems and defining training needs.
September 30, 2022 | International, C4ISR
Nations that set limits on AI capabilities may encounter adversaries who have no qualms about doing so, putting them at a disadvantage.
September 11, 2018 | International, C4ISR
By: Justin Lynch As hackers become more sophisticated, the top IT officer at the Department of Homeland Security says he needs better mobile security features compared to other U.S. government agencies. The Department of Homeland Security “really operates differently than [the Department of Defense]. We are a very mobile organization, so my attack vectors are out there,” said John Zangardi during the Billington Cybersecurity summit Sept. 7. “We are out there on our mobile devices all day long, and that's not the case with DoD.” Zangardi would know. He previously served as the Pentagon's acting chief information officer from October 2016 to November 2017. In the 2017 Homeland Security industry guide, which lays out the department's investment opportunities, the agency said it was looking to secure communication systems and monitor cyberthreats in mobile devices. Homeland Security has also invested in research to ensure Android phones are secure and is planning to study end-to-end cellphone call encryption. Zangardi said the IT industry is going through an “inflection point” that is being driven by a faster rate of innovation, bolstered digital threats from nation-states and a greater demand for consumer expectations. Full article: https://www.fifthdomain.com/civilian/dhs/2018/09/10/why-dhs-needs-better-mobile-security-than-other-agencies