Air Force Issues Challenge to “Hack the Air Force” 04/26/2017 04:10 PM CDT --

Thu Apr 27 16:40:07 CDT 2017


       IMMEDIATE RELEASE No. NR-145-17
April 26,  2017    
Air Force Issues Challenge to “Hack the Air Force”

The Air Force is inviting vetted computer  security specialists from across 
the U.S. and select partner nations to do  their best to hack some of its 
key public websites. 
The initiative is part of the Cyber Secure  campaign sponsored by the Air 
Force’s Chief Information Office as a  measure to further operationalize the 
domain and leverage talent from both  within and outside the Department of 
The event expands on the DoD ‘Hack the  Pentagon’ bug bounty program by 
broadening the participation pool from  U.S. citizens to include “white hat” 
hackers from the United Kingdom,  Canada, Australia and New Zealand. 
“This outside approach--drawing on the  talent and expertise of our 
citizens and partner-nation citizens--in  identifying our security vulnerabilities 
will help bolster our  cybersecurity. We already aggressively conduct 
exercises and 'red team'  our public facing and critical websites. But this next 
step throws open  the doors and brings additional talent onto our cyber team,”
 said Air  Force Chief of Staff Gen. David Goldfein. 
White hat hacking and crowdsourced security  concepts are industry 
standards that are used by small businesses and  large corporations alike to better 
secure their networks against malicious  attacks. Bug bounty programs offer 
paid bounties for all legitimate  vulnerabilities reported. 
“This is the first time the AF has opened up  our networks to such a broad 
scrutiny,” said Air Force Chief Information  Security Officer Peter Kim.  “
We have malicious hackers trying to get  into our systems every day. It will 
be nice to have friendly hackers  taking a shot and, most importantly, 
showing us how to improve our  cybersecurity and defense posture. The additional 
participation from our  partner nations greatly widens the variety of 
experience available to find  additional unique vulnerabilities.” 
Kim made the announcement at a kick-off  event held at the headquarters of 
HackerOne, the contracted security  consulting firm running the contest. 
"The whole idea of 'security through  obscurity' is completely backwards. 
We need to understand where our  weaknesses are in order to fix them, and 
there is no better way than to  open it up to the global hacker community," 
said Chris Lynch of the  Defense Digital Service (DDS), an organization 
comprised of industry  experts incorporating critical private sector experience 
across numerous  digital challenges.

The competition for technical talent in  both the public and private 
sectors is fiercer than it has ever been  according to Kim. The Air Force must 
compete with companies like Facebook  and Google for the best and brightest, 
particularly in the science,  technology, engineering, and math fields.
Keen to leverage private sector talent, the  Air Force partnered with DDS 
to launch the Air Force Digital Service team  in January 2017, affording a 
creative solution that turns that competition  for talent into a partnership. 
In fact, Acting Secretary of the Air Force  Lisa S. Disbrow and Gen. 
Goldfein visited the Defense Digital Service and  Air Force Digital Service in 
early April to discuss a variety of  initiatives the Air Force can benefit 
“We're mobilizing the best talent from  across the nation and among partner 
nations to help strengthen the Air  Force's cyber defenses.  It's an 
exciting venture, one that will make  us better, and one that focuses an 
incredible pool of capabilities toward  keeping our Air Force sites secure," said 
Acting Secretary  Disbrow.  
The DoD’s ‘Hack the Pentagon’ initiative was  launched by the Defense 
Digital Service in April 2016 as the first bug  bounty program employed by the 
federal government. More than 1,400 hackers  registered to participate in the 
program. Nearly 200 reports were received  within the first six hours of 
the program’s launch, and $75,000 in total  bounties was paid out to 
participating hackers. 
Registration for the ‘Hack the Air Force’ event opens on May  15th on the 
_HackerOne_ (
website. The contest opens on  May 30th and ends on June 23rd. Military members and 
 government civilians are not eligible for compensation, but can  
participate on-duty with supervisor approval.


Updates from the U.S. Department of Defense 

More information about the cctalk mailing list