Department of Defense Readies Third Hack the Pentagon Contest

The Department of Defense issued a draft solicitation on Friday for contractors to facilitate a third run of Hack the Pentagon, a white-hat hacker competition aimed at locating vulnerabilities in the agency’s information technology systems.

The Washington Headquarters Services, a DOD component responsible for administrative operations, seeks to uncover potential exploits in the Facility Related Control Systems, a network that controls air conditioning, fire control, physical access and other utilities in the Pentagon building complex.

Selected contractors will be tasked with enlisting the hacker participants according to DOD criteria and providing a secure platform for the event, Nextgov reported Friday.

According to the notice posted on SAM .gov, the deadline for responses is on Jan. 25.

DOD ran another white-hat event called Hack U.S. in July 2022, putting up a bounty for experts to check high-severity vulnerabilities across the agency’s networks. Almost 350 exploits were discovered by a pool of 270 participants during the contest, which was sponsored by the agency’s Vulnerability Disclosure Program.

In 2021, DOD expanded the VDP so that white-hat hackers would be allowed access to a wider range of information systems such as those relating to the internet of things, frequency-based communications and industrial control systems.

Other agencies that run bug bounty programs include the Department of Homeland Security, which plans to issue a $43.2 million multiple-award, indefinite-delivery/indefinite-quantity contract for a permanent vulnerability search program.