The Department of Defense (DoD) has announced the third edition of its “Hack the Pentagon” program, focusing on unclassified information systems and operational technology.
The program – first launched in 2016 and overseen by the DoD’s Cyber Crime Center – offers bug bounties to ethical hackers for discovering vulnerabilities in Pentagon systems.
In a draft solicitation posted to SAM.gov on Jan. 13, DoD said the third edition will focus on tech contained within the Pentagon’s Washington Headquarters Services (WHS) Facilities Services Directorate (FSD) Facility Related Controls System (FRCS) network.
“The contractor shall provide all labor, material, equipment, hardware, software, and training required to assess the current cybersecurity posture of the FRCS Network, identify weaknesses and vulnerabilities, and provide recommendations to improve and strengthen the overall security posture,” the solicitation says.
According to the draft document, the FRCS network is a combination of informational technology (IT) and operational technology (OT) assets. Hackers will need to participate in the “challenge phase” in person, which is expected to last no more than 72 hours.
The Pentagon first launched the program because previously there was no way for hackers to report a vulnerability. In 2021, DoD expanded the program to include all publicly accessible DoD information systems.