Posted by Vincent Banial
The recent DOD ‘Hack the Pentagon’ contest was a success. That contest was limited to US based Cyber Security enthusiasts. The United States Air Force “Hack the Air Force” contest, will be expanding the opportunity to join in the contest by allowing individuals and groups from the following countries to also participate (in addition to US Citizens): United Kingdom, Canada, Australia and New Zealand.
The Hack the Air Force contest is being run with the help of CyberSeurity Firm HackerOne. The HackerOne platform will help allows White Hat Hackers to submit their Security Holes in a safe and secure manner.
Video is courtesy of the HackerOne YouTube channel
On the HackerOne main website page they state :
“77% of Programs Find Security Vulnerabilities within 24 Hours.”.
This sounds like a great move by the Department of Defence and the US Air Force. The prior “hack the Pentagon” contest was a great success. This new Hack the Air Force contest will allow non-US based CyberSecurity Talent to participate. The more people joining the contest the more Security Vulnerabilities I suspect will be found.
This should be a win-win for bothe the Air Force and for the White Hat Hackers. The HackerOne facebook page states that $16 Million in bounties have been paid out in prior HackerOne coordinated White Hat Hacking events.
Registration for the ‘Hack the Air Force’ event opens May 15 on the HackerOne website. The contest opens May 30 and ends June 23. Military members and government civilians are not eligible for compensation but can participate on-duty with supervisor approval. Mark your calendars and make sure that you register starting on May
Mark your calendars and make sure that you register starting on May 15 2017.
Click on this link to view other Cyber Security posts on Uniquely Toronto.
Statement by Pentagon Press Secretary Peter Cook on DoD’s “Hack the Pentagon” Cybersecurity Initiative
Release No: NR-070-16
March 2, 2016
The Department of Defense announced today that it will invite vetted hackers to test the department’s cybersecurity under a unique pilot program. The “Hack the Pentagon” initiative is the first cyber bug bounty program in the history of the federal government.
Under the pilot program, the department will use commercial sector crowdsourcing to allow qualified participants to conduct vulnerability identification and analysis on the department’s public webpages. The bug bounty program is modeled after similar competitions conducted by some of the nation’s biggest companies to improve the security and delivery of networks, products, and digital services. The pilot marks the first in a series of programs designed to test and find vulnerabilities in the department’s applications, websites, and networks.
Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program. Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system. Other networks, including the department’s critical, mission-facing systems will not be part of the bug bounty pilot program. Participants in the competition could be eligible for monetary awards and other recognition.
This innovative project is a demonstration of Secretary Carter’s continued commitment to drive the Pentagon to identify new ways to improve the department’s security measures as our interests in cyberspace evolve.
“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter. “Inviting responsible hackers to test our cybersecurity certainly meets that test. I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”
The “Hack the Pentagon” initiative is being led by the department’s Defense Digital Service (DDS), launched by Secretary Carter last November. The DDS, an arm of the White House’s dynamic cadre of technology experts at the U.S. Digital Service, includes a small team of engineers and data experts meant to improve the department’s technological agility.
“Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country,” said DDS Director and technology entrepreneur Chris Lynch.
This initiative is consistent with the administration’s Cyber National Action Plan announced on Feb. 9, which prioritizes near-term actions to improve our cyber defences and codifies a long-term strategy to enhance cybersecurity across the U.S. government.
The pilot program will launch in April and the department will provide more details on requirements for participation and other ground rules in the coming weeks.
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Posted by: Vincent Banial
Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.