» » Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems

Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems

Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems

House › ICS/OT

Hack the Pentagon 3.Zero Bug Bounty Program to Give attention to Facility Management Methods

By Ionut Arghire on January 16, 2023

Tweet

The US Division of Protection (DoD) is on the point of launch the third installment of its ‘Hack the Pentagon’ bug bounty program, which is able to deal with the Facility Associated Controls System (FRCS) community.

Hack the Pentagon was launched in 2016 on HackerOne, when the DoD invited moral hackers to seek out and report safety defects in Pentagon’s public net pages.

In 2018, the DoD introduced a steady Hack the Pentagon program operating year-long on Bugcrowd and concentrating on vulnerabilities in {hardware} and bodily techniques and different high-value belongings.

In keeping with a draft solicitation launched on Friday, as a part of Hack the Pentagon 3.0, DoD will depend on moral hackers to establish vulnerabilities in FRCS.

The DoD’s FRCS consists of management techniques which might be used to observe and management gear and techniques associated to actual property amenities, reminiscent of HVAC, utilities, bodily safety techniques, and hearth and security techniques.

“The general goal is to acquire assist from a pool of progressive data safety researchers by way of crowdsourcing for vulnerability discovery, coordination and disclosure actions and to evaluate the present cybersecurity posture of the FRCS community, establish weaknesses and vulnerabilities, and supply suggestions to enhance and strengthen the general safety posture,” the draft reads.

Per the doc, the DoD is trying to interact with a personal group that has experience in industrial crowdsourcing, to pick “a personal neighborhood of expert and trusted researchers, which can be restricted to US individuals solely” to take part in this system.

For earlier bug bounty applications – which additionally included Hack the Air Drive, Hack the Military, Hack the Marine Corps and Hack the Protection Journey System – along with working with HackerOne and Bugcrowd, the DoD partnered with Synack to vet collaborating researchers.

The draft additionally makes it clear that the DoD will set up the eligibility standards for the collaborating researchers, and that individuals may have to have the ability to carry out reverse engineering, supply code evaluation, and community and system exploitation.

“The bounty execution or ‘problem part’ itself is anticipated to final not more than 72 hours in individual,” the draft reads.

Associated: DoD Launches ‘Hack US’ Bounties for Main Flaws in Publicly Uncovered Property

Associated: ‘Hack DHS’ Contributors Awarded $125,000 for Over 100 Vulnerabilities

Associated: DoD Declares Outcomes of Vulnerability Disclosure Program for Protection Contractors

Get the Day by day Briefing

 
 
 

  • Most Latest
  • Most Learn
  • Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Assaults
  • InHand Industrial Router Vulnerabilities Expose Inside OT Networks to Assaults
  • Web site of Canadian Liquor Distributor LCBO Contaminated With Net Skimmer
  • Hack the Pentagon 3.Zero Bug Bounty Program to Give attention to Facility Management Methods
  • CircleCI Hacked by way of Malware on Worker Laptop computer
  • Cybersecurity Specialists Forged Doubt on Hackers’ ICS Ransomware Claims
  • NSA Director Pushes Congress to Renew Surveillance Powers
  • Most Cacti Installations Unpatched Towards Exploited Vulnerability
  • Exploitation of Management Net Panel Vulnerability Begins After PoC Publication
  • Juniper Networks Kicks Off 2023 With Patches for Over 200 Vulnerabilities

In search of Malware in All of the Mistaken Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act Via Cyber Situational Consciousness

Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice Yr To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Learn how to Establish Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Enticing

Learn how to Defend Towards DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

SecurityWeek Podcast

author-Orbit Brain
Orbit Brain
Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.

Cyber Security News Related Articles