IMMEDIATE RELEASE No. NR-145-17
April 26, 2017
Air Force Issues Challenge to ?Hack the Air Force?
The Air Force is inviting vetted computer security specialists from across
the U.S. and select partner nations to do their best to hack some of its
key public websites.
The initiative is part of the Cyber Secure campaign sponsored by the Air
Force?s Chief Information Office as a measure to further operationalize the
domain and leverage talent from both within and outside the Department of
The event expands on the DoD ?Hack the Pentagon? bug bounty program by
broadening the participation pool from U.S. citizens to include ?white hat?
hackers from the United Kingdom, Canada, Australia and New Zealand.
?This outside approach--drawing on the talent and expertise of our
citizens and partner-nation citizens--in identifying our security vulnerabilities
will help bolster our cybersecurity. We already aggressively conduct
exercises and 'red team' our public facing and critical websites. But this next
step throws open the doors and brings additional talent onto our cyber team,?
said Air Force Chief of Staff Gen. David Goldfein.
White hat hacking and crowdsourced security concepts are industry
standards that are used by small businesses and large corporations alike to better
secure their networks against malicious attacks. Bug bounty programs offer
paid bounties for all legitimate vulnerabilities reported.
?This is the first time the AF has opened up our networks to such a broad
scrutiny,? said Air Force Chief Information Security Officer Peter Kim. ?
We have malicious hackers trying to get into our systems every day. It will
be nice to have friendly hackers taking a shot and, most importantly,
showing us how to improve our cybersecurity and defense posture. The additional
participation from our partner nations greatly widens the variety of
experience available to find additional unique vulnerabilities.?
Kim made the announcement at a kick-off event held at the headquarters of
HackerOne, the contracted security consulting firm running the contest.
"The whole idea of 'security through obscurity' is completely backwards.
We need to understand where our weaknesses are in order to fix them, and
there is no better way than to open it up to the global hacker community,"
said Chris Lynch of the Defense Digital Service (DDS), an organization
comprised of industry experts incorporating critical private sector experience
across numerous digital challenges.
The competition for technical talent in both the public and private
sectors is fiercer than it has ever been according to Kim. The Air Force must
compete with companies like Facebook and Google for the best and brightest,
particularly in the science, technology, engineering, and math fields.
Keen to leverage private sector talent, the Air Force partnered with DDS
to launch the Air Force Digital Service team in January 2017, affording a
creative solution that turns that competition for talent into a partnership.
In fact, Acting Secretary of the Air Force Lisa S. Disbrow and Gen.
Goldfein visited the Defense Digital Service and Air Force Digital Service in
early April to discuss a variety of initiatives the Air Force can benefit
?We're mobilizing the best talent from across the nation and among partner
nations to help strengthen the Air Force's cyber defenses. It's an
exciting venture, one that will make us better, and one that focuses an
incredible pool of capabilities toward keeping our Air Force sites secure," said
Acting Secretary Disbrow.
The DoD?s ?Hack the Pentagon? initiative was launched by the Defense
Digital Service in April 2016 as the first bug bounty program employed by the
federal government. More than 1,400 hackers registered to participate in the
program. Nearly 200 reports were received within the first six hours of
the program?s launch, and $75,000 in total bounties was paid out to
Registration for the ?Hack the Air Force? event opens on May 15th on the
website. The contest opens on May 30th and ends on June 23rd. Military members and
government civilians are not eligible for compensation, but can
participate on-duty with supervisor approval.
Updates from the U.S. Department of Defense