Military launches 'Hack the Air Force' bug bounty program

Military launches 'Hack the Air Force' bug bounty program
© Getty Images

The Air Force announced its first bug bounty challenge on Wednesday, the third such program run in the United States military. 

Bug bounties reward third-party researchers for finding and reporting weaknesses in organizations' cybersecurity — effectively rewarding outsiders to hack private networks.

"We are under attack right now. And [the attackers] aren’t telling us what’s going wrong," said Peter Kim, the Air Force's chief information security officer at a live streamed launch announcement.

Kim later added: "At the Air Force, we don’t have enough people who can do this on every [vulnerable system]." 

ADVERTISEMENT

The "Hack the Air Force" program will be run by the contractor HackerOne. It will apply to public-facing Air Force systems.

A unique wrinkle for the program is that, for the first time, the U.S. military will allow hackers who are not American citizens to participate. The foreign hackers will be limited to those from four close ally nations — the United Kingdom, Canada, New Zealand and Australia. 

"We work with all four of those nations on some sensitive projects," explained Kim. Those four countries plus the United States comprise the "Five Eyes" agreement for signals intelligence sharing. 

As with past U.S. military bug bounty programs, hackers will be required to register in advance and be vetted, something not always the case with these kinds of initiatives when run in the private sector. 

Registration for "Hack the Air Force" will begin on May 15.

The first Department of Defense bug bounty program, "Hack the Pentagon," came in April 2016. It received around 200 reports of vulnerabilities and paid $75,000 in bounties. The DoD soon launched its first follow-up program tailored for a specific branch, "Hack the Army."

Kim was joined at the launch event by Alex Rice, chief technology officer of HackerOne, and Chris Lynch, director of the Defense Digital Service.

Kim said anyone with the skills to succeed and in search of a longer challenge should consider joining the Air Force and working full-time on its defense. 

"If you've got the mojo, talk to me or Chris," he said. "Don't talk to Alex. We want you to work for us."