'Hack the Air Force' broadens participation to include partner nations
WASHINGTON. U.S. Air Force officials are inviting vetted computer security specialists from across the U.S. and select partner nations to participate in the challenge: "Hack the Air Force." The effort expands on the Department of Defense (DoD) initiative, "Hack the Pentagon."
The Air Force's Chief Information Office is sponsoring the initiative as part of the Cyber Secure campaign. The event expands on the DoD ‘Hack the Pentagon’ by broadening the participation pool from U.S. citizens to include “white hat” hackers from the United Kingdom, Canada, Australia, and New Zealand.
Air Force Chief Information Security Officer Peter Kim made the announcement at a kick-off event held at the headquarters of HackerOne, the contracted security consulting firm running the contest.
“This outside approach--drawing on the talent and expertise of our citizens and partner-nation citizens--in identifying our security vulnerabilities will help bolster our cybersecurity. We already aggressively conduct exercises and 'red team' our public facing and critical websites. But this next step throws open the doors and brings additional talent onto our cyber team,” says Air Force Chief of Staff Gen. David Goldfein.
White hat hacking and crowdsourced security concepts are considered to be industry standards used by small businesses and large corporations alike to better secure their networks against malicious attacks. Bug bounty programs offer paid bounties for all legitimate vulnerabilities reported.
“This is the first time the Air Force has opened up our networks to such a broad scrutiny,” says Air Force Chief Information Security Officer Peter Kim. “We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture. The additional participation from our partner nations greatly widens the variety of experience available to find additional unique vulnerabilities.”
Keen to leverage private sector talent, the Air Force partnered with DDS to launch the Air Force Digital Service team in January 2017, affording a creative solution that turns that competition for talent into a partnership.
"The whole idea of 'security through obscurity' is completely backwards. We need to understand where our weaknesses are in order to fix them, and there is no better way than to open it up to the global hacker community," says Chris Lynch of the Defense Digital Service (DDS), an organization comprised of industry experts incorporating critical private sector experience across numerous digital challenges.
The DoD’s ‘Hack the Pentagon’ initiative was launched by the Defense Digital Service in April 2016 as the first bug bounty program employed by the federal government. More than 1,400 hackers registered to participate in the program. Nearly 200 reports were received within the first six hours of the program’s launch, and $75,000 in total bounties was paid out to participating hackers.
Registration for the ‘Hack the Air Force’ event opens on May 15th on the HackerOne website. The contest opens on May 30th and ends on June 23rd. Military members and government civilians are not eligible for compensation, but can participate on-duty with supervisor approval.