Air Force invites hackers to a friendly dogfight

 

First it was the Pentagon. Then it was the Army. Now, the Air Force is calling on hackers to take aim and fire their best cyber shots. Starting on May 15, "vetted computer specialists" can register for the Hack the Air Force bug bounty program.

"We have malicious hackers trying to get into our systems every day," said Air Force Chief Information Security Officer Peter Kim at the kickoff event held at the headquarters of HackerOne, which is running the competition.

"It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture," Kim said.

The Air Force is building on previous bounties by opening the competition to white hat hackers from the "Five Eyes" nations: the U.S. plus the United Kingdom, Canada, Australia and New Zealand.

The Defense Digital Service launched the Pentagon bug bounties. In January, the Air Force announced it was staffing up its own franchise of the DDS, shortly after the Army did the same.

The Hack the Pentagon competition in the spring of 2016 attracted some 1,400 participants who generated more than 1,000 vulnerability reports -- 138 were resolved, and hackers received $75,000 of prize money in return.

In late 2016, the Army advanced the concept by allowing hackers into public-facing recruiting sites containing dynamic data. In that competition, 371 participants filed more than 400 vulnerability reports, 118 of which were actionable.

That competition also opened the door to active military and government workers, which will also be the case for the Hack the Air Force competition -- though they are not eligible to collect prize money.

Coinciding with the Hack the Army event, the Department of Defense issued new guidance in coordination with the Department of Justice that provided a legal avenue for hackers to disclose vulnerabilities to the Pentagon on an ongoing basis.

"The Vulnerability Disclosure Policy is a 'see something, say something' policy for the digital domain," said former Secretary of Defense Ash Carter when the policy was announced.  

Editor's note: This article was updated April 27.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

