Public-facing websites and services used by the Marine Corps were targeted by hackers over the weekend – but that was part of the plan. To help identify vulnerabilities In the Marine Corps Enterprise Network, the Department of Defense and HackerOne, a service that runs crowd-sourced security testing, launched Hack the Marine Corps, a “bug bounty program” that pays hackers to identify and report vulnerabilities. As the United States faces increasing cybersecurity threats, programs such as Hack the Marine Corps are a great way to identify and fix potential problems before they really do become damaging security breaches. Hack the Marine Corps has already been successful. The program kicked off with a live event in Las Vegas with nearly 100 ethical hackers who, during the nine-hour event, identified 75 unique security vulnerabilities. True to the idea of “bug bounty,” the Marine Corps shelled out more than $80,000 to those who had identified problems.
The program will continue until Aug. 26, and is part of the larger Hack the Pentagon program run by the DoD’s Defense Digital Service and HackerOne and started in 2016. Previously, hackers have been invited to target Army, Airforce, Pentagon and Defense Travel systems, finding more than 5,000 vulnerabilities.
These programs and their success are a reminder of the ongoing cybersecurity challenges facing the U.S. They also help to emphasize why digital security is critical to national security as Secretary of Homeland Security Kirstjen Nielsen explained earlier this summer, saying, “Cyberattacks collectively now exceed the danger of physical attacks.”
Heading off that threat proactively with “bug bounty” events is a step in the right direction. Given its success with helping the U.S. armed forces bolster its cyberdefenses, similar programs should be used for other vulnerable infrastructure critical to national security, such as infrastructure for elections.