Published on July 9th, 2019 📆 | 3899 Views ⚑
0Three ways the Pentagon is hacking bureaucracy
It is not everyday that you get an invitation to hack the Pentagon. But in 2016, the US Department of Defense (DoD) did precisely that, inviting 80 white hat hackers to attack its websites and look for weaknesses.
âIt was the first time that we actually had allowed hackers to come in from any place in the United States and some partner nations,â Chris Lynch, former Director and Founder of the Defense Digital Service said recently. Previously, âit was illegal for hackers to do this, even if we wanted them to help usâ, Lynch noted.
This was the start of the Hack the Pentagon bug bounty programme, which crowdsourced for vulnerabilities and helped the defence department to strengthen its systems, Lynch remarked. He was speaking on a panel at the Singapore Defence Technology Summit, held on 26-28 June by the Defence Science and Technology Agency, where panellists shared how agencies can learn from their experiences in agile service delivery.
Move faster than the bureaucracy
Speed was of the essence for the bug bounty programme to be approved, Lynch noted. âI knew that if it was going really, really slow, then they would actually shut us down,â he quipped. âI just wanted to get done by the time anybody noticed.â Lynch, who made a name for himself in Silicon Valley as an advocate for rapid experimentation, was instrumental in triggering a cultural shift in the DoD.
Hack the Pentagon only took âabout four months, from starting the team to actually executingâ, Lynch said. In 2017, the DoD resolved nearly 500 vulnerabilities in public facing systems through this programme.
Lynch added that Congress now uses the same concept for other federal agencies. âWeâve continued to take that model, move very, very fast and prove results,â Lynch said. There have been sequels: Hack the Marine Corps, Hack the Army and Hack the Air Force, for instance.
Procurement reform can be a game changer
In the same vein, panellist Dr Will Roper, Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, noted how âtwo months in the startup realm is just simply too slow if youâre a very small businessâ. So in October last year, the Air Force began trialling a new procurement process that would award contracts to companies within days.
Through this initiative, startups can pitch their ideas to government, win contracts and get money deposited into their bank accounts â15 minutes after their pitch was overâ, Dr Roper said. âItâs completely changed the game,â he added.
He pointed out that the Air Force needed to work with companies in a way that would not turn them into âdefence productsâ. âThe companies that are changing the world right now were once small and we werenât there,â Dr Roper noted, referring to tech giants such as Google.
He has also recently advocated for the military to change its contract award process to make it easier for artificial intelligence developers to work with them, Executive Biz reported.
Help your technical teams take risks
To fail fast, leaders should help their technical teams to take risks, said Lynch, formerly of the Defense Digital Service. âWhat does it matter if everybody has the best team if they donât actually have the ability to control their own future and their destiny?â he noted.
In that spirit, he gave technical teams the ability to waive any DoD policy âif it was in the way of the missionâ during his stint at DoD. Lynch emphasised that this was only allowed if done âjudiciouslyâ, but it enabled teams to innovate more ambitiously and go after âreally, really hard problemsâ.
âWe wouldnât be on the path of something like JEDI cloud right now, if we hadnât gone with such a very strong attitude that this was really important,â he continued. He was referring to the $10bn defence cloud contract that made headlines earlier this year.
Lynch concluded with a piece of advice for agencies to be truly agile: instead of focusing on the number of sprints and minimum viable products, the only thing that matters is to generate results quickly. âThe amount of time it takes for a software engineer to write a piece of code and have it show up in the production system is the only metric that matters,â he emphasised.
In days past, people would be jailed for life for hacking the Pentagon. But a new spirit of cautious openness has helped the US military plug the gaps, learn from others, and move even faster.
Image by Official US Navy Page â CC BY 2.0
Gloss