Pentagon invites hackers in and backs encryption

The Pentagon has invited external experts to hack into its systems in the first such test of its cybersecurity measures.

The method is often used by private companies that want to use the expertise of “friendly” hackers to find holes in their systems.
It came after the US defence secretary backed strong encryption amid the FBI’s phone unlocking row with Apple.
Ash Carter called on tech firms and the US government to work together.
The US Department of Defense launched its Hack the Pentagon project on Wednesday, inviting vetted outside hackers to test the security of some of its public websites.
According to the Reuters news agency, the programme will be modelled on the hacking bounties often run by firms, in which experts are offered incentives to identify and report security issues. The Pentagon said it was also considering offering financial rewards.

‘Digital defences’

“I am confident that this innovative initiative will strengthen our digital defences and ultimately enhance our national security,” Mr Carter said.
The Pentagon has long tested its own networks using internal so-called “red teams” but this initiative – the first such scheme to be run by the US federal government – would open at least some of its vast network of computer systems to cyberchallenges from across industry and academia.
However, the Pentagon said that other more sensitive networks or key weapons programs would not be included in the scheme, at least initially. “The goal is not to comprise any aspect of our critical systems, but to still challenge our cybersecurity in a new and innovative way,” one senior defence official told Reuters.
The official said they expected thousands of qualified participants to sign up ahead of the pilot scheme’s opening in April.
During a visit to Silicon Valley on Tuesday, Mr Carter underscored the US military’s support for data security and strong encryption. Speaking on the day that both Apple and the FBI appeared before the US congress over the former’s refusal to help the latter overcome an iPhone’s encryption protection, he said that the Pentagon viewed strong encryption as critical.
Reuters reported that Mr Carter declined to address a live case directly and said that no one case should drive policy decisions. But he did call for greater co-operation between Silicon Valley and Washington on data security.
He said that a failure to work together would allow China, Russia and others who he said did not favour a free internet to set new global standards, according to the news agency.
“We shouldn’t let the solutions to this larger issue of how to handle data security as a society be driven by any one particular case,” Mr Carter told reporters after a speech to the Commonwealth Club of San Francisco. “It would be unreasonable.”
In his speech, Mr Carter said: “It is easy to see wrong ways to do this. One would be a law hastily written in anger or grief. Another would be to have the rules be written by Russia or China.”
On the same day, it was announced that the Turing Award had been given to a pair of cryptographers whose ideas helped make the internet possible.
According to the Associated Press, the recipients – Whitfield Diffie, a former chief security officer of Sun Microsystems, and Martin Hellman, a professor emeritus of electrical engineering at Stanford University – said that giving governments control over encrypted communications would put everyone at risk.
The pair were chosen for the $1m (£700,000) award for contributions to computing for the ideas of public-key cryptography and digital signatures, which they introduced in 1976.
The concepts now secure all kinds of data, from online communications and financial transactions to internet-connected infrastructure like power plants, the AP agency reported.