- CONTRACT VEHICLES
- RESOURCE CENTER
The U.S. Air Force has announced that it is launching a "bug bounty" challenge from May 30 to June 23, allowing hackers to scan for cybersecurity vulnerabilities on its public-facing websites in exchange for cash rewards.
The challenge, billed as "Hack the Air Force," is open to cybersecurity specialists and "white hat" hackers from the United States and four allied nations: Australia, Canada, New Zealand, and United Kingdom.
"The initiative is part of the Cyber Secure campaign sponsored by the Air Force’s Chief Information Officer as a measure to further operationalize the domain and leverage talent from both within and outside the Defense Department," read the Air Force's official announcement.
“This is the first time the AF has opened up our networks to such a broad scrutiny,” said Peter Kim, the Chief Information Security Officer (CIO) of the Air Force. “We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture. The additional participation from our partner nations greatly widens the variety of experience available to find additional unique vulnerabilities.”
In April 2016, the Department of Defense launched "Hack the Pentagon," the first bug bounty program implemented by the Federal government. Over 1,400 hackers participated, resulting in almost 200 critical vulnerability reports within the first six hours. "Hack the Air Force" is intended as an expansion of this program.
“This challenge is especially relevant now. Aggressive 'friendly' attackers challenge emerging and operational systems to discover weaknesses before they are found and exploited by true adversaries," comments Dr. Julie E. Mehan, MetroStar Systems Director of Cybersecurity Strategy and Alignment. "The results of this challenge can serve as a hedge against surprise, especially catastrophic ones, and against accepted cybersecurity assumptions and solutions.”
Registration for "Hack the Air Force" opens on May 15 via HackerOne, the contracted security consulting firm running the challenge.