The website seeks to scale the Defense Department’s bug bounty program by attracting additional white hat hackers.
The Defense Department’s Directorate for Digital Services—or DDS—announced on Thursday that it launched a new website to enhance and support DOD’s “Hack the Pentagon” program, an initiative that enables ethical hackers to identify and report vulnerabilities within the department’s public-facing systems.
DOD said the new site, www.hackthepentagon.mil, “is primarily an educational tool for DOD organizations to use as a foundational step before launching a bug bounty,” but that it will also function as “a platform to engage and recruit technical talent.”
DOD, along with many other federal agencies, has experienced a shortage of high-skilled cyber professionals in recent years, and the program allows the Pentagon to leverage the skills of outside experts to help bolster its own security. DOD noted in a November 2022 memo that “attracting cybersecurity professionals continues to fall short of demand,” and a report released by a federal working group last October identified the need to fill “nearly 40,000 [cyber jobs] in the public sector as of April 2022.”
The Hack the Pentagon program, which DDS launched in 2016, provides security researchers with the opportunity to earn monetary awards—or “bug bounties”—for discovering and reporting potential cyber vulnerabilities to DOD for remediation. DDS later became a part of DOD’s Chief Digital and AI Office, or CDAO, in June 2022.
“With the HtP website launch, CDAO is scaling a long running program, which historically offered services on a project-by-project basis, by offering the department better access to lessons learned and best practices for hosting bug bounties,” Chief Digital and Artificial Intelligence Officer Craig Martell said in a statement. “The website helps equip DOD to run continuous bug bounties as part of a larger comprehensive cybersecurity strategy.”
In a March 30 blog post, acting DDS Director Jinyoung Englund said the department created the new website “as a first-step resource to DOD, vendors and security researchers who want to partner with us to run or participate in a bug bounty to secure DOD systems and assets.” Since the program’s launch in 2016, Englund said DDS has run over 40 bug bounties with more than 1,400 ethical hackers, which has resulted in over 2,100 vulnerabilities being flagged for remediation.
“As we shift from an information to an intelligence age, the winning blow will be dealt by humans supported by intelligent machines,” Englund added. “This is why we intentionally invite hackers to break into our systems and assets. By incorporating bug bounties into our overall cybersecurity strategy, we’re updating the cybersecurity playbook to assume breach and think like an adversary.”