When the Pentagon decided it needed to find vulnerabilities in its cybersecurity system, it turned to the experts on exploiting cybersecurity vulnerabilities: hackers.
The Pentagon’s “Hack the Pentagon” program was launched earlier this year and is already in its second iteration.
The Pentagon’s cybersecurity initiative, also known as the “Bug Bounty” program, invited hackers to register and find vulnerabilities in the system.
The 1,410 registered hackers sought to exploit five public-facing websites — defense.gov, myafn.net, dimoc.mil, dividshub.net and dodlive.mil — and 138 submissions were deemed legitimate. The $75,000 in payouts to the hackers ranged from $100 all the way up to $15,000 for a hacker who had multiple submissions, according to the Pentagon.
The first submission came within just 13 minutes of the program’s launch. Once the vulnerabilities were identified, they were immediately turned over to experts at the Defense Media Activity to remedy.
Throughout the account of Hack the Pentagon, there’s a common theme: the process involved experts with deep knowledge, hands-on skills and experience. From the hackers who are wizards at finding and exploiting vulnerabilities, to the private companies the Pentagon is now partnering with to run the program, to the skilled techies who remediate the flaws, this program pulls from a talent pool of extensive expertise.
It’s no different when it comes to cybersecurity compliance with Defense Federal Acquisition Regulation Supplement (DFARS) Part 252.204-7012. If your partner doesn’t specialize in cyber risk management and technology, they will always be limited in their ability to assess, analyze and, most importantly, find solutions to get your company to DFARS compliance.
Anyone can tell you about your problems. In fact, you probably already know where and what a lot of them are. Sera-Brynn is ranked No. 10 in the world for our cybersecurity solutions, and we have the DFARS and Department of Defense (DoD) expertise to devise solutions that make sense for your business.
Our expertise in NIST, including SP 800-171 and SP 800-53, was gained from nearly 20 years of DoD experience, including creating and validating compliance packages, building cutting-edge architectures and shaping policy at all levels of government. Our in-house incident response and forensic capabilities mean that when you work with us, you have access to the experts in protecting confidential information and detecting and responding to potential incidents. Remember, the DFARS clause outlines required forensic responsibilities for contractor reporting of cyber incidents, flow-down clauses, what constitutes Covered Defense Information (CDI) and how it should be handled, as well as cloud computing services.
Through our partnerships with lawyers specializing in government contracts, and accountants specializing in government cost accounting, we offer an end-to-end solution of compliance specialization. This acquisition requirement is about cybersecurity – and technology expertise is essential to becoming fully DFARS compliant with the documentation to prove it.
It’s also worth noting that DFARS compliance takes six to 12 months to achieve — so time is of the essence as the Dec. 31, 2017, deadline to become compliant looms. Don’t risk potential penalties to your business by missing the deadline.
And don’t risk not meeting the deadline by hiring someone who’s not an expert in cybersecurity, DoD contracting and DFARS. We’re the experts. Contact us today to learn how we can assist you with DFARS compliance.