Our Networks Will Work - For 13 Minutes

This is slightly off topic but it’s too good to pass up.  The Pentagon apparently hosted a “Hack the Pentagon” event in which friendly hackers were invited to attempt to hack certain Pentagon computers and networks.  Hackers who successfully found vulnerabilities would be paid a bounty.

“Within 13 minutes of launching the first U.S. Government commercial bug bounty program we had our first submission. Just six hours later, that number grew to nearly 200. Hack the Pentagon shattered initial expectations for participation and vulnerability report submissions. By its end, more than 1,400 hackers were accepted to the program, and in total 138 [unique] valid bugs were resolved in Pentagon’s systems.” (1)

In total, 1189 bug reports were submitted with 138 being verified as unique.  The Pentagon paid out over $72,000 in bounties to 58 hackers as a reward for their efforts.

So, 1400 hackers found 138 holes in the Pentagon’s network security in just a matter of minutes and hours?  So what will Chinese, Russian, and North Korean professional military hackers be able to do by working full time on hacking Pentagon networks, with the resources of entire countries to back them up?  A lot more, I would imagine!

I heartily applaud this effort by the Pentagon to find and fix network vulnerabilities, but I really have to question the wisdom of basing our entire Third Offset Strategy on networks of various types.  It seems foolish in the extreme.  There is no such thing as a secure network.


_____________________________

(1) HackerOne blog website, “What Was It Like To Hack the Pentagon?”, Marten Mickos, 17-Jun-2016

