Seems the US Government is looking to be hacked. All qualified hackers are invited to bid and be paid to help protect the country’s networks. This is a cool and curious approach, and hopefully some great teams do their job and help support cyber defense teams.
Notes from the Statement of Work:
This is a non-personal services contract to provide a Crowdsourced Vulnerability Discovery and Disclosure exercise of the Government’s Washington Headquarters Services (WHS) Facilities Services Directorate (FSD) Facility Related Controls System (FRCS) network.
The DoD’s computer networks and systems support the Nation’s defense and are critical both for daily business operations and Mission Critical activities. Maintaining the security, confidentiality, availability and integrity of the DoD’s networks and systems is a matter of national security and requires the continuous identification and remediation of vulnerabilities that can be exploited by malicious cyber actors. As part of its responsibility to the public at large, DoD is constantly considering innovative and diverse approaches to meet this goal.
To support DoD’s continual efforts to remain at the forefront of rapidly evolving technologies, and to maintain the highest levels of integrity and security required of its IT infrastructure, DoD has identified an emerging need to leverage a diverse pool of innovative information security researchers (herein referred to as “researchers”), via crowdsourcing, for vulnerability discovery, coordination and disclosure activities.
Crowdsourcing is a modern business practice that, as of 2010, the Federal Government has employed to obtain needed services, ideas, or content by soliciting contributions from a large group of people rather than from traditional employees or suppliers. Crowdsourcing incentivizes innovation in solving mission-centric problems. Remaining ahead of present and emerging cyber threats is a significant responsibility in any environment. For DoD, the responsibility is amplified as the repercussions associated with security failure are severe.