The U.S. Department of Defense (DoD) is turning to the private sector to bolster its cyber defenses with the launch of the third iteration of its "Hack the Pentagon" bug bounty program.
The program, first launched in 2016, aims to leverage the expertise of the private sector and commercial crowdsourcing best practices to enhance the information security of the DoD.
It will involve cybersecurity researchers finding vulnerabilities in the government's Facility Related Controls System (FRCS) network, which is used to monitor systems related to property facilities such as fire and safety systems, heating, ventilation and air conditioning (HVAC), utilities, and physical security systems.
The DoD is partnering with commercial firms that have experience administering Crowdsourced Vulnerability Discovery and Disclosure (CVDD) activities. These firms will host crowdsourced security activities on behalf of the DoD.
A Performance Work Statement (PWS) from the DoD describes the basics of the program:
"The Contractor shall provide all personnel, equipment, supplies, facilities, transportation, tools, materials, supervision, and other items and non-personal services necessary to perform the CVDD Services on the FRCS network as defined in this Performance Work Statement (PWS) except for those items specified as Government furnished property and services. The Contractor shall perform to the standards in this contract."
The program is being managed by Defense Digital Services (DDS), which is responsible for managing technical risks and vulnerabilities. The objective of the program is to obtain support from a pool of innovative information security researchers via crowdsourcing for vulnerability discovery, coordination, and disclosure activities.
The program will assess the current cybersecurity posture of the FRCS Network, identify weaknesses and vulnerabilities, and provide recommendations to improve and strengthen the overall security posture.
The DoD says this program is crucial for national security, as maintaining the security, confidentiality, and integrity of the DoD's networks and systems is a high priority.
The third installment of the "Hack the Pentagon" bug bounty program comes almost five years after the second one, which was unveiled in April 2018.
You can find more information about the "Hack the Pentagon" bug bounty program at Sam.gov.
Follow SecureWorld News for more stories related to cybersecurity.
