Defense

Air Force opens itself up to hacking, again

It's the "most inclusive" bug bounty program to date, meaning that foreign nationals — except those from China, Russia, Iran or North Korea — are welcome to participate.

By Tajha Chappellet-Lanier

November 6, 2018

Staff Sgt. Alek Albrecht participates in a Network War Bridge Course at the 39th Information Operations Squadron Sept. 19, 2014, Hurlburt Field, Fla. Albrecht is practicing to hack into a simulated network to better understand what techniques real hackers may use when attempting to infiltrate Air Force networks. Air Force Space Command provides trained and ready cyber forces to the warfighter through 24th Air Force. Albrecht is a Air Force Network Operations and Security Center enterprise network technician. (U.S. Air Force photo/Airman 1st Class Krystal Ardrey)

The Air Force announced Monday that it has invited hackers from 191 countries to try to find vulnerabilities in systems it recently migrated to the cloud.

Yes — it’s Hack the Air Force round three. And it’s the “most inclusive” edition to date, meaning that foreign nationals — except those from China, Russia, Iran or North Korea — are welcome to participate.

This third round of the program, run in partnership with the Defense Digital Service and bug bounty platform HackerOne, will run until Nov. 22. The minimum payout for a critical vulnerability is $5,000, but that could be increased if the vulnerability is particularly integral to a system.

For example, during the kickoff event for Hack the Air Force 2.0 in December 2017, white hat hackers Brett Buerhaus and Mathias Karlsson earned $10,650 for discovering and disclosing a vulnerability that let the duo access the Defense Department’s unclassified internal network. It remains the largest single payout in the network of Hack the Pentagon challenges, HackerOne says.

“Hack the AF 3.0 demonstrates the Air Force’s willingness to fix vulnerabilities that present critical risks to the network,” Wanda Jones-Heath, Air Force chief information security officer, said in a statement.

The Air Force isn’t the only service taking advantage of crowdsourced cybersecurity possibilities — since the initial launch of Hack the Pentagon in 2016, HackerOne has run a number of programs for DOD, including Hack the Army, Hack the Air Force, Hack the DTS, Hack the Air Force 2, and Hack the Marine Corps. The Pentagon recently extended its contract with HackerOne and other bug bounty services.

Nor is this phenomenon limited to defense — the General Services Administration, the first civilian agency to run a bug bounty program, is also getting in on the action. The agency recently awarded a $2 million contract to HackerOne for the facilitation of bug bounty programs over the next few years.

The Air Force is distinct, however, in the sheer number of bounties it has organized. “The U.S. Air Force is the only military organization in the world to tap the hacker community for cybersecurity help three times,” Marten Mickos, CEO of HackerOne, said in a statement. “Their relentless dedication to uncovering vulnerabilities before their adversaries through innovative measures remains unmatched.”

Air Force opens itself up to hacking, again

More Like This

MPEs gain momentum for sharing information with allied partners

State Department officials say they’re trying to set the tone globally on AI usage, as lawmakers question if it’s enough

Government leaders share strategies for embracing AI at federal innovation summit

Top Stories

Generative AI could raise questions for federal records laws

Cybersecurity executive order requirements are nearly complete, GAO says

White House hopeful ‘more maturity’ of data collection will improve AI inventories

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

State Department encouraging workers to use ChatGPT

Federal CIO calls on Congress to fund Technology Modernization Fund

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

More Scoops

Ongoing bug-bounty pilot pinpoints many vulnerabilities in DOD’s cyberspace

Air Force CIO: ‘We’re not waiting’ for JWCC

Air Force to bring top-secret data into the mix in next weapons system hackathon

DOD expands vulnerability disclosure program to contracting base in pilot

Air Force considering shaking up its software factories

Air Force positions autonomous drones, networked weapon systems as top priorities

Air Force, Army remain divided over modernization investments

Latest Podcasts

Air Force opens itself up to hacking, again

Los Angeles CIO discusses how AI and cloud technologies transform urban public services

GSA wants to be the leader in federal generative AI

AI Week 2024 has Come and Gone

Tech

Defense

Cyber

Acquisition