“Speak softly, but carry a big stick” said Theodore Roosevelt, 32nd President of the United States of America. Although the United States doesn’t seem to follow the ‘speak softly’ approach today it certainly carries a big stick – and there isn’t a stick bigger than the United States Air Force – and now White Hats have been invited to participate in a bug bounty program called ‘Hack the Air Force’.
Roosevelt also said that “proper armament is the surest guarantee of peace.” It’s almost certain that he was speaking about so called ‘kinetic weapons’ i.e. things that go bang or deliver bangs of enormous destructive energy. However, today the best bang for your military buck may just be in cyberspace. If you can get into an adversary’s networks you can dictate the pace of war – and stop them dead in their tracks.
But this rapidly developing arena of modern warfare is one that is hotly contest by major powers – after all cyberwar is just as powerful as any bomb dropped from 50,000 feet.
Why ‘Hack the Air Force’?
So how does the United States Air Force with over 5,000 aircraft in its inventory make sure that it’s online security is top notch? It’s simple – it invites people to hack its systems and hunt down security bugs.
‘Hack the Air Force’ invites White Hat hackers to attack and identify vulnerabilities on its public websites. It’s not just fun and games – the program provides cash incentives in the form of ‘bug bounties.’ The scale of these ‘bounties’ is not yet known – but other parts of the U.S. military and government have hosted similar programs in the past, and they have paid out big for White Hat hackers.
Last year, the U.S. government’s ‘Hack the Pentagon’ program paid out about $75,000 in bounties. More than 1,400 people registered for the program, and participants found 138 vulnerabilities in government websites.
Another government-run program, ‘Hack the Army’, enlisted 371 hackers who generated 118 valid reports and received more than $100,000 in bug bounties.
They say that business is a battlefield – and in the intensely competitive corporate environment of the 21st century this may be true. So, the question begs to be asked; why is big business not following the lead of the U.S. military and inviting White Hat hackers in to destruct test their networks and online presence? Hacking is the new normal – and data is becoming the most valuable asset in any corporate asset register. Business better start believing that Black Hat hackers are in the market for data.
There can be no argument that it may cost some money in ‘bounties’ but the alternative of allowing Black Hat hackers to access sensitive data is potentially much more costly.
U.S. Air Force Chief Information Security Officer Peter Kim summed up just why ‘Hack the Air Force’ is essential and why it is important to get White Hats to help secure the tens of thousands of public-facing servers operated by the Department of Defense.
We have millions of probes a day, a week, on our DoD systems quite frankly. These are probably people out there, around the world, who particularly aren’t friendly with the Department of Defense. And they generally don’t tell us what’s wrong with our systems until we find out that something’s been hacked. I know we have vulnerabilities, and I want to know where those are in the United States Air Force.
For businesses, the boardroom is the first line of defense. Directors need to enlist the best in the business to make sure that they have a strategy that prevents hostile action. If that means paying hackers to poke holes in vulnerable systems, then so be it. Ignoring cyber security may just lose a company the war for market domination – it’s far more preferable to invite in a pack of wolves with leashes, rather than have the wild hackers tear into your systems and prey on your data.