U.S. military wants white-hat hackers to target its cyber security systems
The U.S. military, which continues its interest in bug bounty programs as a way to improve cybersecurity, is launching a new contest next month.
Called “Hack the Air Force,” the new program will put certain of the branch’s Web sites up as targets for a set of international hackers who have been vetted by HackerOne, which is running the program.
+More on Network World: IBM: Financial services industry bombarded by malware, security threats+
The new contest follows on the Hack the Pentagon program last year that netted 138 vulnerabilities, and Hack the Army, which netted 118.
The new contest is open to researchers from the U.S., Canada, the U.K., Australia and New Zealand who have been vetted by HackerOne. The countries make up the Five Eyes intelligence alliance that monitors communications worldwide. Registration starts May 15.
“We have malicious hackers trying to get into our systems every day,” says Air Force Chief Information Security Officer Peter Kim. “It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture.”
In addition to these programs, the Department of Defense may launch another program that targets not Web sites but DoD infrastructure such as sensors in heating systems, according to Nextgov. This physical infrastructure can be exposed to the internet, which leaves it open to possible attacks.
The possibility of a bounty program against these systems was raised this week by Daryl Haegley, who is the program manager for the Office of the Assistant Secretary of Defense for Energy, Installations and Environment.
He says he is trying to get senior officials to buy into such a plan, Nextgov says.
Visits to 15 military sites found that 75% of devices in control systems run unsupported operating systems including Windows XP, Windows 98 and Windows 95, the report says.
The Hack the Pentagon program paid out a total of $75,000 to researchers who discovered vulnerabilities, with the individual prizes ranging from $1 to $15,000.
HackerOne hasn’t announced what the prize range is for Hack the Air Force.