The U.S. military launched a program Wednesday called Hack the Air Force that encourages skilled hackers to find vulnerabilities and security holes in the military branch’s computer systems.
The initiative — known as a bug bounty program — is the third such reward system set up by the Department of Defense to encourage outside researchers to help the government improve security in exchange for cash rewards.
“We have malicious hackers trying to get into our systems every day,” Peter Kim, the Air Force's chief information security officer, said in a statement. “It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture.”
The program will ask hackers to test the security of the Air Force’s public-facing system. The concept behind bug bounty programs is to encourage users to report potential vulnerabilities in exchange for cash rewards so the bounty holder can patch the security hole before an attacker can exploit it.
The Hack the Air Force initiative will mark the first occasion the U.S. military will allow non-U.S.-resident hackers to participate. Foreign participants have to be located in the United Kingdom, Canada, New Zealand or Australia — close allies who are part of the “Five Eyes” agreement for intelligence sharing.
“This outside approach — drawing on the talent and expertise of our citizens and partner-nation citizens — in identifying our security vulnerabilities will help bolster our cybersecurity,” Air Force Chief of Staff Gen. David L. Goldfein said in a statement.
Hackers who want to take part in the Hack the Air Force program will be required to register and undergo a vetting process before they are allowed to participate — a hurdle that many private-sector companies with bug bounty programs do not impose.
The first of the cybersecurity defense initiatives, Hack the Pentagon, was launched by the Defense Digital Service in April 2016. The first bug bounty program run by the federal government, Hack the Pentagon attracted 1,400 registrants and received nearly 200 reports within the first six hours of its existence. It has paid out $75,000 in bounties so far.
Registration for the Hack the Air Force program will open May 15 on the HackerOne website, and submissions from civilian hackers and security researchers will be accepted from March 30 through June 23. The Air Force hasn’t specified what the payout will be for the program.