Do you have what it takes to ‘Hack the Air Force?’

Maryland Independent - - News - By ED GULICK Sec­re­tary of the Air Force Pub­lic Af­fairs

The Air Force is invit­ing vet­ted com­puter se­cu­rity spe­cial­ists from across the U.S. and se­lect part­ner na­tions to do their best to hack some of its key pub­lic web­sites.

The ini­tia­tive is part of the Cy­ber Se­cure cam­paign spon­sored by the Air Force’s Chief In­for­ma­tion Of­fi­cer as a mea­sure to fur­ther op­er­a­tional­ize the do­main and lever­age tal­ent from both within and out­side the De­fense De­part­ment.

The event ex­pands on the DOD “Hack the Pen­tagon” bug bounty pro­gram by broad­en­ing the par­tic­i­pa­tion pool from U.S. cit­i­zens to in­clude “white hat” hack­ers from the United King­dom, Canada, Aus­tralia and New Zealand.

“This out­side ap­proach — draw­ing on the tal­ent and ex­per­tise of our cit­i­zens and part­ner-na­tion cit­i­zens — in iden­ti­fy­ing our se­cu­rity vulnerabilities will help bol­ster our cy­ber­se­cu­rity. We al­ready ag­gres­sively con­duct ex­er­cises and ‘red team’ our pub­lic fac­ing and crit­i­cal web­sites. But this next step throws open the doors and brings ad­di­tional tal­ent onto our cy­ber team,” said Air Force Chief of Staff Gen. David L. Gold­fein.

White hat hack­ing and crowd­sourced se­cu­rity con­cepts are in­dus­try stan­dards that are used by small busi­nesses and large cor­po­ra­tions alike to bet­ter se­cure their net­works against ma­li­cious at­tacks. Bug bounty pro­grams of­fer paid boun­ties for all le­git­i­mate vulnerabilities re­ported.

“This is the first time the AF has opened up our net­works to such a broad scru­tiny,” said Peter Kim, the Air Force Chief In­for­ma­tion Se­cu­rity Of­fi­cer. “We have ma­li­cious hack­ers try­ing to get into our sys­tems ev­ery day. It will be nice to have friendly hack­ers tak­ing a shot and, most im­por­tantly, show­ing us how to im­prove our cy­ber­se­cu­rity and de­fense pos­ture. The ad­di­tional par­tic­i­pa­tion from our part­ner na­tions greatly widens the va­ri­ety of ex­pe­ri­ence avail­able to find ad­di­tional unique vulnerabilities.”

Kim made the an­nounce­ment at a kick-off event held at the head­quar­ters of Hack­erOne, the con­tracted se­cu­rity con­sult­ing firm run­ning the con­test.

“The whole idea of ‘se­cu­rity through ob­scu­rity’ is com­pletely back­wards. We need to un­der­stand where our weak­nesses are in or­der to fix them, and there is no bet­ter way than to open it up to the global hacker com­mu­nity,” said Chris Lynch of the De­fense Dig­i­tal Ser­vice, an or­ga­ni­za­tion com­prised of in­dus­try ex­perts in­cor­po­rat­ing crit­i­cal pri­vate sec­tor ex­pe­ri­ence across numer­ous dig­i­tal chal­lenges.

The com­pe­ti­tion for tech­ni­cal tal­ent in both the pub­lic and pri­vate sec­tors is fiercer than it has ever been ac­cord­ing to Kim. The Air Force must com­pete with com­pa­nies like Face­book and Google for the best and bright­est, par­tic­u­larly in the sci­ence, tech­nol­ogy, en­gi­neer­ing and math fields.

Keen to lever­age pri­vate sec­tor tal­ent, the Air Force part­nered with DDS to launch the Air Force Dig­i­tal Ser­vice team in Jan­uary, af­ford­ing a cre­ative so­lu­tion that turns that com­pe­ti­tion for tal­ent into a part­ner­ship.

In fact, Gold­fein and Act­ing Sec­re­tary of the Air Force Lisa S. Dis­brow vis­ited the De­fense Dig­i­tal Ser­vice and Air Force Dig­i­tal Ser­vice in early April to dis­cuss a va­ri­ety of ini­tia­tives the Air Force can ben­e­fit from.

“We’re mo­bi­liz­ing the best tal­ent from across the na­tion and among part­ner na­tions to help strengthen the Air Force’s cy­ber de­fenses. It’s an ex­cit­ing ven­ture, one that will make us bet­ter, and one that fo­cuses an in­cred­i­ble pool of ca­pa­bil­i­ties to­ward keep­ing our Air Force sites se­cure,” Dis­brow said.

The DOD’s ‘Hack the Pen­tagon’ ini­tia­tive was launched by the De­fense Dig­i­tal Ser­vice in April 2016 as the first bug bounty pro­gram em­ployed by the fed­eral gov­ern­ment. More than 1,400 hack­ers reg­is­tered to par­tic­i­pate in the pro­gram. Nearly 200 re­ports were re­ceived within the first six hours of the pro­gram’s launch, and $75,000 in to­tal boun­ties was paid out to par­tic­i­pat­ing hack­ers.

Reg­is­tra­tion for the “Hack the Air Force” event is open on the Hack­erOne web­site. The con­test opens May 30 and ends June 23. Mil­i­tary mem­bers and gov­ern­ment civil­ians are not el­i­gi­ble for com­pen­sa­tion, but can par­tic­i­pate on-duty with su­per vi­sor ap­proval.

U.S. AIR FORCE PHOTO/TECH. SGT. DAN DECOOK

From left, Alex Rice, chief tech­nol­ogy of­fi­cer and co-founder of Hack­erOne, Peter Kim, Air Force chief in­for­ma­tion se­cu­rity of­fi­cer and Chris Lynch, di­rec­tor of De­fense Dig­i­tal Ser­vice, an­nounce the up­com­ing “Hack the Air Force” event at Hack­erOne head­quar­ters in San Francisco, April 26. Reg­is­tra­tion for ‘Hack the Air Force’ is sched­uled to be­gin May 15 on the Hack­erOne web­site and is open to U.S, U.K., Aus­tralian, New Zealand and Cana­dian cit­i­zens.

U.S. AIR FORCE PHOTO/WAYNE A. CLARK

Act­ing Sec­re­tary of the Air Force Lisa Dis­brow and Air Force Chief of Staff Gen. David Gold­fein dis­cuss the im­por­tance of De­fense Dig­i­tal Ser­vice (DDS) and what they bring to the fight with Team leader Chris Lynch, right, and sec­tion mem­ber Paul Taglia­monte at the Pen­tagon, April 12. The DDS sec­tion is a unique team of in­dus­try ex­perts as­sist­ing the Air Force.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.