Facility control systems prioritized in new ‘Hack the Pentagon’ program installment

The U.S. Department of Defense will be unveiling the third installment of its "Hack the Pentagon" bug bounty program aimed at identifying vulnerabilities within its Facility Related Controls network, including HVAC, physical security systems, utilities, and other control systems involved in real property facilities, reports SecurityWeek. "The overall objective is to obtain support from a pool of innovative information security researchers via crowdsourcing for vulnerability discovery, coordination, and disclosure activities and to assess the current cybersecurity posture of the FRCS network, identify weaknesses and vulnerabilities, and provide recommendations to improve and strengthen the overall security posture," said the DoD in a draft document, which also noted that a private firm with commercial crowdsourcing expertise is being sought for the program. Eligibility criteria is still being established by the Defense Department, which has been looking for participants with reverse engineering, network and system exploitation, and source code analysis know-how. "The bounty execution or challenge phase itself is expected to last no more than 72 hours in person," said the draft.