The US Division of Protection (DoD) has confirmed it would quickly launch the third a part of its ‘Hack the Pentagon’ bug bounty program, first unveiled in 2016.
Based on a devoted web page on the Sam.Gov web site, the initiative will depend on cybersecurity researchers to search out vulnerabilities within the authorities’s Facility Associated Controls System (FRCS) community.
“The Contractor shall present all labor, materials, tools, {hardware}, software program and coaching required to evaluate the present cybersecurity posture of the FRCS Community, establish weaknesses and vulnerabilities, and supply suggestions to enhance and strengthen the general safety posture,” reads a draft of the efficiency work assertion (PWS) of the Hack the Pentagon 3.0 program.
The FRCS infrastructure consists of methods used to observe methods associated to actual property amenities like hearth and security methods, heating, air flow, and air-con (HVAC), utilities, and bodily safety methods, amongst others.
“DoD has recognized an rising must leverage a various pool of revolutionary data safety researchers […] through crowdsourcing, for vulnerability discovery, coordination and disclosure actions,” the draft explains.
The doc additionally clarifies that the vital bounty program will solely contain “unclassified Data Methods and operational expertise contained inside the Pentagon FRCS Community.”
“These are delicate Authorities belongings; due to this fact, the Contractor will probably be required to leverage a non-public neighborhood of expert and trusted researchers, which can be restricted to US individuals solely, with eligibility standards established by the DoD,” the draft explains.
Moreover, the draft is looking for researchers to be various in skillset and in a position to conduct supply code evaluation, reverse engineering and community and system exploitation.
“The bounty execution or ‘problem part’ itself is anticipated to final not more than 72 hours in particular person. Entry to belongings and asset homeowners will probably be offered to the Contractor upon Contract award.”
The third installment of the Hack the Pentagon bug bounty program comes nearly 4 years after the second, which was unveiled in April 2018.
