HomeNews

Do you have what it takes to ‘Hack the Air Force’?

Acting Secretary of the Air Force Lisa Disbrow and Air Force Chief of Staff Gen. David L. Goldfein discuss the importance of Defense Digital Service and what they bring to the fight with Chris Lynch, the team leader (right) and Paul Tagliamonte, a section member at the Pentagon, April 12, 2017. The DDS section is a unique team of industry experts assisting the Air Force. (U.S. Air Force photo/Wayne A. Clark)

Acting Secretary of the Air Force Lisa Disbrow and Air Force Chief of Staff Gen. David L. Goldfein discuss the importance of Defense Digital Service and what they bring to the fight with Chris Lynch, the team leader (right) and Paul Tagliamonte, a section member at the Pentagon, April 12, 2017. The DDS section is a unique team of industry experts assisting the Air Force. (U.S. Air Force photo/Wayne A. Clark)

(From left) Alex Rice, chief technology officer and co-founder of HackerOne, Peter Kim, Air Force chief information security officer and Chris Lynch, director of Defense Digital Service, announce the upcoming "Hack the Air Force" event at HackerOne headquarters in San Francisco, April 26, 2017. Registration for ‘Hack the Air Force’ is scheduled to begin May 15 on the HackerOne website and is open to U.S, U.K., Australian, New Zealand and Canadian citizens. (U.S. Air Force photo/Tech. Sgt. Dan DeCook)

(From left) Alex Rice, chief technology officer and co-founder of HackerOne, Peter Kim, Air Force chief information security officer and Chris Lynch, director of Defense Digital Service, announce the upcoming "Hack the Air Force" event at HackerOne headquarters in San Francisco, April 26, 2017. Registration for ‘Hack the Air Force’ is scheduled to begin May 15 on the HackerOne website and is open to U.S, U.K., Australian, New Zealand and Canadian citizens. (U.S. Air Force photo/Tech. Sgt. Dan DeCook)

SAN FRANCISCO (AFNS) -- The Air Force is inviting vetted computer security specialists from across the U.S. and select partner nations to do their best to hack some of its key public websites.

The initiative is part of the Cyber Secure campaign sponsored by the Air Force’s Chief Information Officer as a measure to further operationalize the domain and leverage talent from both within and outside the Defense Department.

The event expands on the DOD ‘Hack the Pentagon’ bug bounty program by broadening the participation pool from U.S. citizens to include “white hat” hackers from the United Kingdom, Canada, Australia and New Zealand.

“This outside approach--drawing on the talent and expertise of our citizens and partner-nation citizens--in identifying our security vulnerabilities will help bolster our cybersecurity. We already aggressively conduct exercises and 'red team' our public facing and critical websites. But this next step throws open the doors and brings additional talent onto our cyber team,” said Air Force Chief of Staff Gen. David L. Goldfein.

White hat hacking and crowdsourced security concepts are industry standards that are used by small businesses and large corporations alike to better secure their networks against malicious attacks. Bug bounty programs offer paid bounties for all legitimate vulnerabilities reported.

“This is the first time the AF has opened up our networks to such a broad scrutiny,” said Peter Kim, the Air Force Chief Information Security Officer. “We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture. The additional participation from our partner nations greatly widens the variety of experience available to find additional unique vulnerabilities.”

Kim made the announcement at a kick-off event held at the headquarters of HackerOne, the contracted security consulting firm running the contest.

"The whole idea of 'security through obscurity' is completely backwards. We need to understand where our weaknesses are in order to fix them, and there is no better way than to open it up to the global hacker community," said Chris Lynch of the Defense Digital Service, an organization comprised of industry experts incorporating critical private sector experience across numerous digital challenges.

The competition for technical talent in both the public and private sectors is fiercer than it has ever been according to Kim. The Air Force must compete with companies like Facebook and Google for the best and brightest, particularly in the science, technology, engineering, and math fields.

Keen to leverage private sector talent, the Air Force partnered with DDS to launch the Air Force Digital Service team in January 2017, affording a creative solution that turns that competition for talent into a partnership.

In fact, Goldfein and Acting Secretary of the Air Force Lisa S. Disbrow visited the Defense Digital Service and Air Force Digital Service in early April to discuss a variety of initiatives the Air Force can benefit from.

 “We're mobilizing the best talent from across the nation and among partner nations to help strengthen the Air Force's cyber defenses. It's an exciting venture, one that will make us better, and one that focuses an incredible pool of capabilities toward keeping our Air Force sites secure," Disbrow said.

The DOD’s ‘Hack the Pentagon’ initiative was launched by the Defense Digital Service in April 2016 as the first bug bounty program employed by the federal government. More than 1,400 hackers registered to participate in the program. Nearly 200 reports were received within the first six hours of the program’s launch, and $75,000 in total bounties was paid out to participating hackers.

Registration for the ‘Hack the Air Force’ event opens May 15 on the HackerOne website. The contest opens May 30 and ends June 23. Military members and government civilians are not eligible for compensation, but can participate on-duty with supervisor approval.
USAF Comments Policy
If you wish to comment, use the text box below. AF reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The AF and the AF alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the AF, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying AF endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

AF does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. AF may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. AF does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the AF or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.

News Search