6 April 2016

To Modernize Military, Pentagon Turns to Hackers

April 1, 2016
Secretary Ash Carter visits Texas’ incubators of technology for tips on DOD reform.

Secretary of Defense Ash Carter tours Texas Advanced Computing Center and Visualization Lab on Thursday in Austin, Texas. 

AUSTIN, Texas – With bright purple hair and shock-red lipstick, Katie Moussouris says she has no problem drawing attention to herself when she visits the Pentagon.

But the professional hacker and former Microsoft employee represents a major shift in the Department of Defense, which has contracted her company HackerOne to find digital saboteurs to attack the Pentagon and root out vulnerabilities. By adopting more private industry standards like this one and focusing on attracting young computer engineers and developers, in addition to those who will physically fight America's wars, Defense Secretary Ash Carter hopes he can reinvigorate a cumbersome department at times resistant to change.

"This is a historic program in the U.S., and a historic program in the world," Moussouris told a group of reporters here at the tech start-up incubator Capital Factory on Thursday, when asked why hackers would want to participate. "The prestige of being part of the first 'bug bounty' program for the U.S. government is also a commodity in itself."

The Pentagon paid HackerOne $150,000 to organize and vet an unlimited number of hackers to try to find vulnerabilities in a set group of Department of Defense websites. Part of the contract money will go toward cash prizes, known in the industry as a "bug bounty," for those who successfully identify flaws and report them back to the organizers.

The targets will not include sensitive networks, like missile sites or personnel databases. "This is not going to be against OPM," Moussouris jokes. And those kinds of attacks, as evidence by theactual high profile hack on the Office of Personnel Management last summer, are already under siege anyway, she says. The hackers also will not be allowed to use malicious tactics as they participate in the program, such as denial-of-service attacks.

Only Americans with valid taxpayer identification will be able to participate in the pilot program, which begins on April 18 and runs through May 12. Even before registration began on Thursday, those requirements weed out a sizeable swath of the world's leading hackers, including Russians, Chinese, Israelis and those who do not wish to be listed in a U.S. government database.

But Moussouris says the hack-a-thon represents an important step for the Pentagon to try to compete with the for-profit firms to which it regularly loses bright minds and experienced engineers. The private sector routinely turns to these kinds of contests, along with hiring specific hackers to try to find vulnerabilities, all against the omnipresent fact that anything connected to the internet is likely already under attack.

"I think it is a huge risk not to invite people with skills to come forward and report what they find," she said.

Programs like this that may help push the Department of Defense into the 21st century, where a teenager at a keyboard can be far more dangerous than an infantryman with a gun, was the central focus of Carter's visit here on Thursday and a key element of his tenure as secretary.

Prior to visiting the Capital Factory – where he received three-minute pitches from developers of new kinds of magnets, rockets and visualization software – Carter spent the morning at the University of Texas at Austin, where he hoped to drum up enthusiasm among students that work in the civil service could be as rewarding as much more lucrative for-profit firms.

"While the military cannot and should not replicate all aspects of the private sector, we should borrow practices, technologies and management techniques that work for us, so that in future generations, we keep attracting people of the same high caliber we have today – people who will meet the same high standards of performance, ethics, honor, and trust we hold our force to today," he told a group of students and ROTC cadets.

"We're making these investments and pushing forward with these reforms for one simple reason: so that the force of tomorrow can remain as strong as our force of today," he said. "And to make that possible, we need more talented and dedicated people like you, men and women who are committed to making creative and lasting contributions to our national defense."

Carter visited the school's Advanced Computing Center and Visualization Lab, where he toured a dark, expansive room ringed by floor-to-ceiling computer monitors, showing the 3D shockwave of an earthquake in Japan, or a simulation of what dark matter looks like in outer space.

He also toured the Rehabilitation and Neuromuscular Robotics Lab, where he received a briefing and demonstration on new high-tech exoskeletons that can, for example, help a stroke victim recover strength in their limbs.

Carter, himself a trained physicist, seemed at times barely able to contain his enthusiasm as he interacted with engineers and scientists on his tour throughout this city, itself an established hub for technological development.

But each example of cutting-edge development seemed to also serve as a reminder of the Defense Department's shortcomings as it faces increasingly technologically savvy enemies.

Just before leaving the UT robotics lab, Carter stopped to ask a PhD student about his future intentions. The budding engineer and Texas native said perhaps the private sector, or maybe he'll try return to the NASA lab in Houston where he had previously interned.

"Maybe you'll work for us some day," Carter said with a hopeful look.

No comments: