The Defense Department announced earlier in the week, in collaboration with the Defense Digital Service and the HackerOne cyber security community, the winners of “Hack the Army 2.0,” which helps hackers to find security flaws. More than 60 publicly available site properties, including army.mil, goarmy.mil and Arlington Cemetery, were covered by the competition, which concluded in November. In a joint statement, fifty-two hackers from around the world recorded 146 flaws over five weeks. For several years, the military funds bug bounties in conjunction with heightened security issues. “Participation from hackers is key in helping the Department of Defense boost its security practices beyond basic compliance checklists to get to real security,” Alex Romero, digital service expert at the Defense Digital Service, said in a statement. “With each Hack the Army challenge, our team has strengthened its security posture.” The top individual payout was $20,000. The threat posed by hackers goes far beyond military websites freely exposed. A GAO study over 2018 reported that cyber flaws are common and can affect actual operations. The concern with the hiring and retaining of highly skilled professionals whose skills receive top dollars in the private sector is part of the challenge in improving defenses, the GAO said. The program aims to expose flaws to security teams, so that digital assets can be properly protected. The first Hack the Army campaign was initiated in 2016 and 371 individuals, including government and military officials, participated. 118 vulnerability reports were considered valid and bug bounty payments totally $100,000.
