Nextgov reports on the Air Force paying out over $100,000 in a public web site bug bounty:
The Air Force paid out nearly $104,000 to a cohort of white-hat hackers as part of Hack the Air Force 2.0, the Pentagon’s most recent bug bounty competition. During the 20-day competition, participants uncovered 106 security vulnerabilities across roughly 300 of the branch’s public-facing websites.
“We continue to harden our attack surfaces based on findings of the previous challenge and will add lessons learned from this round,” said Air Force Chief Information Security Officer Peter Kim in a statement. “This reinforces the work the Air Force is already doing to strengthen cyber defenses and has created meaningful relationships with skilled researchers that will last for years to come.”
The event kicked off Dec. 9 with a hackathon in New York City that partnered military cyber specialists with an A-list group of 25 ethical hackers from the United States, Canada, United Kingdom, Sweden, Netherlands, Belgium and Latvia. Participants discovered two bugs within the first 30 seconds of the competition and another 53 by the end of the day, earning a total of $26,883 in bounties.
This is a smart move. It is an inconsequential amount of money in the context of the entire Air Force budget, and likely far less expensive than paying an overpriced defense contractor to perform an assessment. Plus, these are motivated people who are really interested in helping.
All around, it helps the Air Force find and fix vulnerabilities all while cultivating good will within the security industry.
Lt. Gen. William Bender, the Air Force chief of information and sponsor of TFCS, traveled to Silicon Valley, California, to meet with leaders from the technology mega-hub’s most innovative companies in an effort to increase collaboration. Bender met with 53 technology companies, including Microsoft Corp. and Oracle Corp., as well as nontraditional potential partners like Twitter, Facebook and Uber. Through small-group discussions, key findings came to light that could improve collaboration between the Air Force and industry.
Silicon Valley leaders agreed partnering with the Air Force would offer opportunities to solve unique problems not present in the commercial sector, and provide industry a chance to help protect the U.S. in cyberspace.
In order to field technology at a more rapid pace, the Air Force is looking to develop a method of technology acquisition and implementation that closely aligns with industry best practices.
“We should mimic the companies in Silicon Valley by increasing agility in our acquisition and procurement processes, accepting risk, failing fast and quickly learning from our failures,” Bender said. “The Air Force information technology community needs to adapt to this agile mindset, and quickly. The alternative costs precious time and money — two resources which we are really short on.”
In regards to academia, the Air Force has been working to establish the Air Force Cyber Innovation Center in an effort to produce more cyber-oriented Airmen. The U.S. Air Force Academy-based center will comprise a highly virtualized environment where cadets will work closely with other service academies, industry and government partners to research and develop state-of-the-art technology.
The AFCIC plans to use innovative approaches to aid in the advancement of new cyberspace capabilities to deploy across the Air Force enterprise. By offering cadets more opportunities for professional development within the cyber realm, the center will provide new generations of cyber warriors for the Air Force who are better prepared to stay ahead of the constantly evolving technology curve.
It is nice to see DoD invest effort with those who really understand technology and are skating to where the puck is going rather than where it currently resides. This is exactly the type of endeavor DoD needs to leverage in order to better position itself for the future.
Which is why the candid report described in the War Is Boring article finally gives us a good first-hand account as to how capable – or incapable as it may be – the F-35 is in the within-visual-range fight.
The test pilot flying the F-35 makes it very clear that the new jet, even in its ideal configuration without any external stores, was no match against a Block-40 F-16C in a less-than-ideal configuration with a pair of under-wing fuel tanks,
In dogfighting, energy is everything, and if your enemy has more kinetic and potential energy for maneuvers than you do, then you’re toast.
The report even goes into what is akin to a fairly desperate move usually only used in one-on-one air combat maneuvers, known as a rudder reversal, that the F-35 is apparently decent at performing at slow speeds. The fact that this was even detailed in the report as a useful tactic is telling. In reality, using such maneuvers means you are probably going to die if any other bad guys are in the area as it rapidly depletes the aircraft’s energy state, leaving it vulnerable to attack.
Another area that the test pilot highlights is the F-35’s abysmal rearward visibility.
What a monumental waste of American tax dollars. That this jet has been in development for over a decade should be telling enough.
The Air Force has been pushing this aircraft as its fighter of the future. It sounds like it’s going to be their loser of the future if this report is accurate, and I have no reason to doubt its veracity. If this is our best then I really am afraid for the future of our military.
Apparently, looks can kill. In a very real story that we assure you did not originate from The Onion, a terrorist from ISIS recently took a selfie of himself and posted it online.
Shortly thereafter, U.S. Intelligence, which heavily monitors social media accounts from ISIS members and supporters, managed to pinpoint an ISIS headquarters building in Syria by using the selfie photo as a reference point.
According to Air Force General Hawk Carlisle (which is a perfect name for an Air Force General we must say), airmen from Hurlburt Field, Florida in the 361st Intelligence, Surveillance and Reconnaissance Group were the first to pick up on the photo.
“The guys that were working down out of Hurlburt, they’re combing through social media and they see some moron standing at this command,” Carlisle said in an interview with Defense Tech. “And in some social media, open forum, bragging about the command and control capabilities for Daesh, ISIL. And these guys go: ‘We got an in.’ So they do some work, long story short, about 22 hours later through that very building, three [Joint Direct Attack Munitions] take that entire building out.”
I genuinely wonder if this article is true or if it is mere US military propaganda.
Air Force senior leaders from across Headquarters Air Force and major commands gathered May 18-20 at the Mark Center in Alexandria, Virginia, to attend the Task Force Cyber Secure kickoff meeting.
The task force was established to address challenges within the cyberspace domain and to synchronize efforts to improve the security of information and warfighting systems across the Air Force enterprise. It has been officially underway since Air Force Chief of Staff Gen. Mark A. Welsh III approved the task force memorandum on March 20.
The three-day meeting began with opening remarks from Lt. Gen. William Bender, the secretary of the Air Force chief of information dominance and chief information officer, thanking the participants for their efforts to advance the goals of TFCS. Over the course of the meeting, leaders presented current and future cybersecurity efforts in their respective areas of expertise.
The more military senior leaders meet to discuss cyber security issues, the better it is for everyone. It has taken far too long for the US military leadership to come to the realization they need to understand information technology and the threat weak cyber security poses to sensitive DoD data.
“It was basically a test of our network security, both physical and digital,” said 2nd Lt. Jacob Swink, the 35th Communications Squadron plans and projects flight commander.
Swink said CCRIs typically occur every three years for each installation. The overall results were scored out of 100 percent, with 70 percent qualifying as a minimum passing score. The CCRI is generally regarded as highly demanding; inspectors test the physical security of locations and defense against hackers, among other aspects.
The SIPRNet received a 90.3 percent, an “outstanding” rating, and NIPRNet scored an 89.2 percent, an “excellent” rating. Both were the best ratings in the DOD.
“This is a true testament to the determination of our Airmen,” said Lt. Col. Reid Novotny, the 35th CS commander. “At no point during this process did they take status quo for an answer. They challenged every aspect of securing our network and came out top in the Department of Defense.”
New guidance from the U.S. Air Force on the use of cyberspace weapons directs Air Force personnel to get a good night’s sleep prior to performing military cyberspace operations and to refrain from alcohol while on duty.
“Crew rest is compulsory for any crew member prior to performing any crew duty on any cyber weapon system,” the May 5 guidance says. “Each crew member is individually responsible to ensure he or she obtains sufficient rest during crew rest periods.”
Furthermore, “Crew members will not perform cyberspace mission duties within 12 hours of consuming alcohol or other intoxicating substances, or while impaired by its after effects,” the new Air Force guidance stated.
“This instruction prescribes operations procedures for cyberspace weapons systems under most circumstances, but it is not a substitute for sound judgment or common sense,” the Air Force said.
While I do not doubt this is a sound policy, it just seems par for the course for the Air Force, a service generally mocked by the others for the way it treats its Airmen.
I should not joke about it because, after all, we are talking about cyber warriors operating cyber weapons, which have the potential to do real harm. You can never be too careful.
The Pentagon said on Monday it plans to station a squadron of tilt-rotor CV-22 Osprey aircraft at the Yokota Air Base in Japan to enable U.S. special operations troops to respond quickly to crises in the Asia-Pacific region.
The first three Air Force variants of the CV-22 will arrive at the U.S. base on the outskirts of Tokyo in the last half of 2017, with an additional seven due to arrive by 2021, the Pentagon said in a statement.
The Osprey, which takes off like a helicopter and then rotates its propellers to fly like a plane, obtained a reputation for technical difficulties and safety problems during its development phase in the 1990s. Since then, it has largely overcome the issues, but crashes during training exercises in Morocco and Florida in early 2012 exacerbated Japanese concerns about the planes.
The residents of Okinawa – rightfully so – were vehemently opposed to these aircraft being deployed to a base situated in a semi-rural area of the island. Now that the U.S. plans to station a CV-22 squadron on mainland Japan, I suspect this will not be the last time we hear about Ospreys in the news here in Japan.