Cyber attackers now have the green light to hack the United States Air Force.
This is after the Department of Defense launched a bug bounty program called “Hack the Air Force” in a bid to patch up weaknesses in their systems with a minimum amount of resources.
Computer experts from the U.S. and its partner states have received an invitation to participate in the event, which is part of a crowdsourced campaign to informally enlist local and international talent to help improve the DoD’s internet security.
Countries expected to participate in the bug bounty event include Canada, New Zealand, Australia and the United Kingdoms.
The DoD will be working with bug bounty program HackerOne on this project, according to their announcement via Facebook Livestream.
Several officials including Air Force Chief Information Security Officer Peter Kim touched on the increasing need to consolidate internet security, especially on the Air Force’s public-facing servers.
Strict Vetting
Contrary to initial assumptions, the bug bounty program will not be a free-for-all sort of setup where hackers are free to go at their leisure.
One strict requirement for participation is the hackers’ friendliness.
A rigorous vetting procedure will be conducted by HackerOne to ensure that all the registered white hat hackers are indeed genuine about their reasons for participation, which is to improve the DoD’s internet security.
Furthermore, the DoD will be issuing the parameters of the program to prevent the hackers from veering into sensitive territory, although this is not a major concern given the public nature of the servers being hacked.
Registration for the internet security enhancing program will commence on May 15 and will be done through the HackerOne website.
In terms of eligibility, individuals and institutions who are members of the U.S. military or even the U.S. government can seek approval from their supervisors to participate.
They are however not eligible for compensation.
Details about the internet security program’s compensatory prizes are still sketchy.
However, people are certain that the government can offer up to $150,000 to participants who discover flaws in their internet security systems.
DoD’s Outside Approach is Ideal
The hacking of the U.S. Office of Personnel Management in 2015 was a sign that the government’s defense department needed to employ new strategies to prevent repeat data breaches of such magnitudes.
Recent evidence shows that bug bounty programs are highly efficient ways to detect and patch vulnerabilities quickly, and at a relatively low expense.
The government’s approach to revamp their internet security measures is a refreshing change from their usual in-house team of security experts.
Despite remarks from people that the bug bounty program is being held with a fair amount of caution, it is a show of good faith on the government’s part to reward its people for fixing its internet security issues well.
The “Hack the Pentagon” program was relatively successful and resulted in the disbursement of $75,000 as payment for discovering 138 bugs in their systems.
Although both programs are only permitting access to the non-critical components of the government’s security systems, progress is still being made.
The U.S. Air Force’s bug hunt program will serve to eliminate both blatant and subtleinternet security weaknesses in their systems.
That said, it is important to note that the government remains to call internet security professionals for tasks that are too sensitive to be opened to the public through a bug bounty program.
The increasing frequency of data breaches on various government institutions is reason enough to be seeing more bug bounty programs such as these in the future.