Posted on Mar 31, 2016
Do you think the "Hack The Pentagon" program is a good idea, or a disaster waiting to happen?
4.45K
23
12
2
2
0
https://threatpost.com/hack-the-pentagon-trial-program-registration-open/117119/?utm_source=twitterfeed&utm_medium=linkedin+company+page
I agree with the principle of using hackers to test security, but I am kinda concerned that this is going to end disastrously for the DOD, What do you think RPers?
I agree with the principle of using hackers to test security, but I am kinda concerned that this is going to end disastrously for the DOD, What do you think RPers?
Posted >1 y ago
Responses: 7
It may be a good idea to draw out hackers from this nation PO3 Steven Sherrill; but, tempting China and a few other nations to hack us is not a great idea.
(3)
(0)
PO3 Rick Kundiger
That's not the intent at all. There is no need to invite hacking to draw out hackers. They are hacking anyhow. And besides, how would you identify the "good" hackers from the "bad" hackers if you just invited them to hack you? Everyone is a hacking at that point, and if they are any good at hacking the only way you'd know who they were is if they told you. You'd easily be able to identify the ones who don't know what they are doing, and that attempting to lure such luddites into the jaws of the gov would serve no purpose.
Additionally, the Pentagon's invitation has no bearing on whether China, or others, are going to attempt to hack us. They are doing that already and need no invitation.
Additionally, the Pentagon's invitation has no bearing on whether China, or others, are going to attempt to hack us. They are doing that already and need no invitation.
(0)
(0)
I have wondered if it isn't time to start a 6th "armed service". I think we need the skilled hackers, but they need to be on our payroll.
(2)
(0)
PO3 Rick Kundiger
I agree with this. As a former DoD and .gov IT person for 15 years I found that a lot of the problems our organizations have are related to IT being implemented and managed dramatically different from Agency to Agency, Service to Service, and even from Unit to Unit throughout the entire government, much less just the DoD. Skills vary widely, there is no consistent or coherent goal or mission from one place to another, and as it is now everyone will rotate to a more career friendly position other than sitting in garrison managing base-IT. That means the high turnover rate further degrades continuity. Designated Approving Authorities in each Command, base, AOR, are different and something that works at location A may be banned at B; or work to certify will be repeated at every location. It's a huge waste of time, money, etc...
Let's not even talk about the subject of interoperability between the military branches...
There needs to be a consistent and coherent "branch" that runs IT with DoD-wide programs, and authority to manage those programs, to secure IT within the military and make it work well.
Let's not even talk about the subject of interoperability between the military branches...
There needs to be a consistent and coherent "branch" that runs IT with DoD-wide programs, and authority to manage those programs, to secure IT within the military and make it work well.
(1)
(0)
The use of White Hat hackers to find weaknesses in cyberdefenses is a pretty common practice. You would need to make sure the people doing it are truly folks doing to help you not to hurt you later.
(2)
(0)
PO3 Rick Kundiger
There is a vetting process in place. They aren't inviting anyone running tails and some exploit tools to hack away. Hackers who wish to participate need to apply first. Anyone not approved first will get into trouble if/when caught.
(0)
(0)
Read This Next