Pentagon Hires Hackers to Target Sensitive Internal Systems

The Pentagon is paying hackers to test its key internal systems for vulnerabilities, and they are finding weaknesses faster than expected, according to Bloomberg.

In a pilot project this past month, the Pentagon’s Defense Digital Service let about 80 security researchers into a simulated “file transfer mechanism” the department depends on to send sensitive e-mails, documents and images between networks, including classified ones. The effort was important enough that staff for new Defense Secretary James Mattis were briefed on the ongoing program his first day on the job.

With concerns about cyber vulnerabilities rising across the U.S. government, the cyber firm Synack received a three-year, $4 million contract in September to carry out “bug bounties” across the Pentagon. The company vetted and recruited security researchers from the U.S., Canada, Australia and the U.K., according to Mark Kuhr, Synack’s chief technology officer and a former National Security Agency analyst. The exercise ran through Feb. 7, with more expected.

Because of security concerns, hackers didn’t get direct access to operational networks. Instead, the digital service replicated the file transfer systems in a “cyber range,” a kind of digital laboratory resembling the original environment. The company also added extra security layers to make sure adversaries didn’t compromise the hackers’ computers or enter into the range.

The experiment comes as the Defense Department faces challenges in handling cybersecurity. The department bolstered spending on capabilities and expertise to build better cyber defenses, yet during tests, critical combatant command missions remain at risk from advanced nation-state actors, according to the Pentagon testing director’s annual report published in January.