Defense

Air Force invites hackers to a friendly dogfight

 

First it was the Pentagon. Then it was the Army. Now, the Air Force is calling on hackers to take aim and fire their best cyber shots. Starting on May 15, "vetted computer specialists" can register for the Hack the Air Force bug bounty program.

"We have malicious hackers trying to get into our systems every day," said Air Force Chief Information Security Officer Peter Kim at the kickoff event held at the headquarters of HackerOne, which is running the competition.

"It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture," Kim said.

The Air Force is building on previous bounties by opening the competition to white hat hackers from "Five Eyes" nations: the U.S. plus United Kingdom, Canada, Australia and New Zealand.

The Defense Digital Service launched the Pentagon bug bounties. In January, the Air Force announced it was staffing up its own franchise of the DDS, shortly after the Army did the same.

The Hack the Pentagon competition in the spring of 2016 attracted some 1,400 participants who generated more than 1,000 vulnerability reports -- 138 were resolved, and hackers received $75,000 of prize money in return.

In late 2016, the Army advanced the concept by allowing hackers into public-facing recruiting sites containing dynamic data. In that competition, 371 participants filed more than 400 vulnerability reports, 118 of which were actionable.

That competition also opened the door to active military and government workers, which will also be the case for the Hack the Air Force competition -- though they are not eligible to collect prize money.

Coinciding with the Hack the Army event, the Department of Defense issued new guidance in coordination with the Department of Justice that provided a legal avenue for hackers to disclose vulnerabilities to the Pentagon on an ongoing basis.

"The Vulnerability Disclosure Policy is a 'see something, say something' policy for the digital domain," said former Secretary of Defense Ash Carter when the policy was announced.  

Editor's note: This article was updated April 27.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group