The Air Force wants to start playing more offense when it comes to cyber security, and it’s looking to friendly hackers for help in changing up the game.
From May 30 to June 23, the Air Force is inviting “vetted computer security specialists” to hack its public websites in an effort to find vulnerabilities. The sites will not hold any sensitive or classified materials, but the planned intrusions will help bolster cybersecurity, according a USAF spokesman.
Unlike the Defense Department’s Hack the Pentagon initiative, which first launched in April 2016, and a similar program conducted by the Army, the Air Force is not only asking US hackers to break into its sites, but also those from the United Kingdom, Canada, Australia, and New Zealand.
“This outside approach—drawing on the talent and expertise of our citizens and partner-nation citizens—in identifying our security vulnerabilities will help bolster our cybersecurity,” said Chief of Staff Gen. David Goldfein in a press release announcing the contest. “We already aggressively conduct exercises and ‘red team’ our public facing and critical websites. But this next strep throws open the doors and brings additional talent onto our cyber team.”
Air Force Chief Information Officer Peter Kim said “malicious hackers” try to access USAF’s systems every day and the “white hat hackers” can help the service better understand its weaknesses.
For example, in the most recent Hack the Pentagon contest, held earlier this year, white hat hackers were able to breach a file transfer system within hours that is often used to send sensitive e-mails, documents, and images between networks. The Defense Department already is fixing those problems.
An Air Force spokesman said the contest, which runs May 30 through June 23, is intended to “finally level the playing field, and get ahead of the problem instead of just playing defense.” But there may be another benefit as well.
Cyber is among the Air Force’s most critical and overly stressed career fields. Former Air Force Secretary Deborah Lee James said USAF is aggressively trying to recruit civilian talent into the Guard and Reserves, hoping such operators can fulfill a patriot duty will still retaining their higher paying civilian careers. However, the service also needs to “open up the aperture” as it looks to fill its cyber ranks, said James at the time.
The focus for Hack the Air Force “has been to recruit talent to participate in the bug bounty, but we absolutely want those compelled to support our national defense to take advantage of the multiple avenues available to serve in a government capacity,” said USAF spokesman Ed Gulick.
Registration for the Hack the Air Force event opens on May 15.