Government Demands: “Hack the Army”

16 Nov

The government is continuing an initiative aimed at learning more about cyber security strengths and weaknesses through an invitation-only “Hack the Army” event aimed at strengthening its online presence. As it originally began with the Pentagon hosting its own competition, government personnel have realized the value of white-hat hackers shining a light on otherwise overlooked vulnerabilities or inconsistencies.

Here are some differences between the Army and Pentagon’s hack requests: while “Hack the Pentagon” requested hackers assess static websites, Hack the Army focuses on user information for new and existing Army personnel on recruitment sites and databases. And while it is invitation-only so civilian entrants can be vetted prior to participating, military and government personnel get automatic entry. Also, it should be noted that HackerOne is continuing its partnership with Hack the Army as it did with Hack the Pentagon in order to ensure another seamless outcome.

On a larger scale, the idea of opening an organization – public or private – to hackers in order to understand their strengths and weaknesses, isn’t new but is disruptive, turning accepted thinking on its head. Standard procedure is to take a look at what could come through, implement the necessary steps to protect the network, and test said steps to make sure everything works properly. But the person who created the security protocol testing its endurance only goes so far. In order to truly understand a network’s raw vulnerabilities, some take it a step further and see the potential inconsistencies through the eyes of a hacker. Disruptive, yes, but worth it in some cases.

Now, this isn’t to say that every company needs to rush out and find a hacker to test their network; this option is just another to consider. Being as fluent as possible in the workings of the cyber security world, along with knowing your network’s inner workings is key. Outside perspectives and assistance are always acceptable tools when dealing with cyber security best practices.