Advertisement

Air Force hackathon puts real data on open source code

The hackathon was the first of its kind. The broader goal is to "attack the ATO," the chief digital transformation officer said.
Staff Sgt. Alek Albrecht participates in a Network War Bridge Course at the 39th Information Operations Squadron Sept. 19, 2014, Hurlburt Field, Fla. Albrecht is practicing to hack into a simulated network to better understand what techniques real hackers may use when attempting to infiltrate Air Force networks. Air Force Space Command provides trained and ready cyber forces to the warfighter through 24th Air Force. Albrecht is a Air Force Network Operations and Security Center enterprise network technician. (U.S. Air Force photo/Airman 1st Class Krystal Ardrey)

The Air Force for the first time used open source code and airmen-designed applications on real weapons system data during a hackathon in January, its head of digital transformation told FedScoop.

The Department of Defense has sponsored hackathons before, typically focused on security bugs. But, “Bravo 0” was the first secret-classification hackathon with 80 hackers working on a so-called “air gapped” system at Nellis Air Force Base. The event yielded several new applications that Stuart Wagner, the Air Force’s chief digital transformation officer, said that senior leaders across the Air Force are interested in using in real-life scenarios.

“It felt like we’re beginning to miss the information age,” Wagner said of the inspiration behind the event. He invoked the Air Force’s founder, saying “we needed a Billy Mitchell moment, a project B moment” to spark innovation across the department.

The long-term goal of the event was to show more senior leaders how developers can solve problems. With senior leaders bought into the power of software—especially software crafted at the hands of airmen—Wagner said the Air Force will have more political power to attack the real problem: the Authority to Operate, or ATO.

Advertisement

The ATO is the largest speed-zapping bump in the road for developers. It’s a required step to getting code on Air Force systems to ensure there are not gaping security holes, but critics of the model say it’s outdated and to focused on check lists compliance over than actual security.

“ATOs are heavily oriented toward the assessment of doing something,” he said. “The [risk management framework] never asks what the risk of delay is.”

A more immediate goal, Wagner said, was developing ways for airmen to test unauthorized software on real data to know what is worth sending through the ATO process vs. what prototype apps only works in a synthetic environment with made-up data.

“Now I can prioritize where I can spend my ATO fires,” he said.

Wagner was able to take open source software and use it on real data because he built an air-gapped environment with developers bringing in code on DVD discs. He also allowed developers to use their own virtual machines while working a platform initially developed by the Defense Advanced Research Projects Agency (DARPA) that the Air Force picked up called “STITCHES.” The Air Force also used the Joint Artificial Intelligence Center‘s Joint Common Foundation in their tech development stack.

Advertisement

Beyond the tech, new cultural practices the Air Forced used was a relaxed dress code, 24-hour operations for coders to choose their own hours and a short six-day window to complete projects.

“It’s the best ideas that wins, not the rightest rank that wins,” Wagner said.

No specific problem areas were assigned, coders were just given data and told to make solutions to the problems they saw, Wagner added.

Latest Podcasts