The United States Department of Defense just recently announced they will be launching a bug bounty program in April 2016.
This program is the first cyber bug bounty program created in the history of the federal government in an effort to crowdsource the security of their public facing websites and internal networks.
This ‘Hack the Pentagon’ program is currently only opened to US citizens, with participants having the chance to win cash and recognition for their achievements.
In order to join this program, hackers are required to go through a background check, and to ensure no hacker is targeting the critical DoD infrastructure, hackers will be given a predetermined system that the DoD would like for them to hack and a set amount of time to complete the hack.
This initiative is a refreshing change from the DoD, which generally audits itself internally. This welcoming change will provide the DoD with fresh sets of eyes aiming to protect the DoD infrastructure and will help boost security measures used to fight against cyber-attacks.
This new initiative comes in the wake of a string of government cyber-attacks. On February 9th, the IRS announced they had been hacked, again, allowing hackers’ access to 101,000 social security numbers. Not long thereafter, a hacker group called the DotGovs breached the U.S. government's computer systems and leaked thousands of personal details belonging to the U.S. Department of Homeland Security & the FBI employees.
As attacks on national governments continue growing at an unprecedented rate, it’s time for all government agencies dealing with sensitive data to really reflect on what can be done now to ensure their digital doors are secure from hackers. It’s important to implement a layered security approach to your IT estate. By working with NNT, your organization will be able to adopt a ‘layered and integrated approach’ to security that incorporates the right process, methodology and set of tools in order to guard your IT environment against today’s ever-evolving threat landscape.
Here’s Just a Few Things You can Achieve with NNT-
- Continuously monitor and quantify all system activity in real-time pinpointing genuine security threats
- 'Lockdown' IT systems using expert-sourced, consensus-based system hardening best practices from The Center for Internet Security: CIS Benchmark Checklists
- Protect your IT infrastructure against both internal and external threats, including ‘zero-day’ threats and Advanced Persistent Threats where Anti-Virus and Intrusion Protection technologies are ineffective
- Maintain your compliance obligations, such as PCI DSS, NIST SP 800-53, DISA STIG, HIPAA, NERC CIP, ISO 27001, SOX, or USGCB and FDCC
- Provide host intrusion detection systems (HIDS) contingency so that if a breach is effective, you will still be alerted in real-time and know who was responsible