The Air Force is inviting vetted computer security specialists from across the U.S. and select partner nations to do their best to hack some of its key public websites.
The initiative is part of the Cyber Secure campaign sponsored by the Air Force’s Chief Information Office as a measure to further operationalize the domain and leverage talent from both within and outside the Department of Defense.
The event expands on the DoD ‘Hack the Pentagon’ bug bounty program by broadening the participation pool from U.S. citizens to include “white hat” hackers from the United Kingdom, Canada, Australia and New Zealand.
“This outside approach–drawing on the talent and expertise of our citizens and partner-nation citizens–in identifying our security vulnerabilities will help bolster our cybersecurity. We already aggressively conduct exercises and ‘red team’ our public facing and critical websites. But this next step throws open the doors and brings additional talent onto our cyber team,” said Air Force Chief of Staff Gen. David Goldfein.
White hat hacking and crowdsourced security concepts are industry standards that are used by small businesses and large corporations alike to better secure their networks against malicious attacks. Bug bounty programs offer paid bounties for all legitimate vulnerabilities reported.
“This is the first time the AF has opened up our networks to such a broad scrutiny,” said Air Force Chief Information Security Officer Peter Kim. “We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture. The additional participation from our partner nations greatly widens the variety of experience available to find additional unique vulnerabilities.”
Kim made the announcement at a kick-off event held at the headquarters of HackerOne, the contracted security consulting firm running the contest.
“The whole idea of ‘security through obscurity’ is completely backwards. We need to understand where our weaknesses are in order to fix them, and there is no better way than to open it up to the global hacker community,” said Chris Lynch of the Defense Digital Service (DDS), an organization comprised of industry experts incorporating critical private sector experience across numerous digital challenges.
The competition for technical talent in both the public and private sectors is fiercer than it has ever been according to Kim. The Air Force must compete with companies like Facebook and Google for the best and brightest, particularly in the science, technology, engineering, and math fields.
Keen to leverage private sector talent, the Air Force partnered with DDS to launch the Air Force Digital Service team in January 2017, affording a creative solution that turns that competition for talent into a partnership.
In fact, Acting Secretary of the Air Force Lisa S….