It’s not every day the Department of Defense invites people to hack its networks with no fear of repercussion. But that’s exactly what they’ve done—and good for them.
During this year’s RSA Conference in San Francisco, Secretary of Defense Ash Carter unveiled “Hack the Pentagon,” a pilot program in which cleared hackers will scour DoD networks for vulnerabilities. This program is brilliant, for several reasons.
First, a key feature of a robust security architecture is visibility. The more people you have analyzing and guarding your networks with good intent, the more secure you are from those whose intentions are bad. As Carter noted, “You’d much rather find the vulnerabilities in your networks in that way than by the other way.”
With innumerable foreign agents attempting to hack DoD networks every day, expanding the number of secure and cleared penetration testers can only improve our national defense. This program levels the playing field and allows the good guys to find and solve issues first.
Next, this program also offers the federal government a better means of evaluating and recruiting cybersecurity talent—which doesn’t come cheaply. With the private sector offering lucrative salaries and benefits, federal agencies often struggle to attract and retain the level of talent it takes to stay at the forefront of cybersecurity.
Hack the Pentagon is part of a larger strategy to recruit from outside of established talent pools. It brings college students and other qualified but overlooked individuals to the federal government’s attention. Those who successfully uncover and solve issues get an opportunity to prove themselves—and perhaps even land a job—in the federal cybersecurity arena. At the same time, the DoD uncovers top talent without over-paying.
Meanwhile, it’s not just federal defense programs that stand to benefit. This kind of “crowd sourcing” strategy for penetration testing could have a positive ripple effect throughout the federal government. If successful, other federal agencies—including those that have hesitated to conduct this kind of exercise—will take note. And in a time when multiple government agencies have fallen victim to massive hacks—often leaving large swaths of sensitive citizen data exposed—there’s no better time for them to follow suit.
Ultimately, Hack the Pentagon is a universal win. Our current administration can implement a major security initiative while earning positive public opinion. The Department of Defense identifies network vulnerabilities and finds quality talent. Meanwhile, undiscovered or undervalued security talent gets the chance to shine. Best of all, however, our overall national security posture improves.