Most people think of hackers as dangerous criminals and a menace to online society. The US Air Force, however, has recognized the potential of these experts and has completely embraced their capabilities.
This week was marked by the official start of online registration for the bug bounty program. It is being organized to find and eliminate any vulnerabilities in the Air Force’s security, and hackers have been invited to join in. Some were wondering whether the Air Force would go through with this plan, considering the recent ransomware attack, but it would seem that they’re not giving up on it.
They believe that this is a good learning experience for them and that the outsiders that are going to try and take a look at their security can only help with developing it even further.
Peter E. Kim, who serves as the chief information security officer for the Air Force, believes that cyber-threats don’t come only from individuals or small groups. He believes that this is a method used by entire countries in attempts to spy on each other and damage the rival’s security and network.
There’s been some criticism lately about the old and outdated equipment that the US military, and even the Pentagon, are still using. Kim has stated that those accusations aren’t completely false; however, the Air Force has done its part when it comes to modernizing its security. He also said that many companies around the world use outdated equipment and that the military isn’t alone when it comes to using old hardware and software.
Still, the modernization is done, and this bug bounty program will show how good it is and help suggest what more needs to be done.
The program itself is called ‘Hack the Air Force’, and it’ll be coordinated through HackerOne, a bug bounty platform based in San Francisco. The same platform already organized bug bounties for the Pentagon and the US Army.
Every flaw that the hackers manage to find will be rewarded, and the reward itself depends on the flaw’s severity. Registration started on Monday, and the candidates have until May 29 to officially enter the program. The bug hunt will start the next day, and it will end on June 23. Still, only hackers from five countries are allowed to participate: the US itself, Canada, the UK, Australia, and New Zealand.
After the program is over, the next period will be all about fixing the flaws. Even though the systems are constantly being checked, that kind of security has never stopped determined hackers from breaking in, which is the very reason for organizing this event. Kim believes that this will finally reveal all the vulnerabilities that they’re missing.
He also said that the program will focus on the websites available to the public, since that’s the easiest way for a hacker to break into the system. He said that companies like Facebook have been doing this for years and that their security is getting better and better due to similar bounties.
Kim also mentioned the story about the Defense Digital Service, which prepared $1 million to pay experts to find flaws in their systems. After an entire year, only 10 smaller vulnerabilities were found. When a similar deal was offered to the hackers, they found tons of serious flaws in return for the reward. During the first six hours of 2016’s ‘Hack the Pentagon’ program, more than $75,000 was paid for over 200 bug reports.
A similar thing happened during the ‘Hack the Army’ program, with the first flaw found within the first 5 minutes. In total, the Army paid almost $100,000 for the reports.
Even though they’re paying a lot of money, it’s definitely worth it, and they’re even hoping to ‘harness the talent’ of the more skilled hackers. Kim believes that someone familiar with the way the attacks work might be the best defender. He even mentioned several hackers that he’d met in the past. They’re doing what they’re doing for the thrill, but they also have a strong sense of patriotism, which is a very useful thing when it comes to defending the systems of such important institutions.