Back to news

August 8, 2019 | International, Security

The Air Force sends good guys in to hack its cloud

By: Andrew Eversden

The Air Force invited ethical hackers into its IT networks again this spring, allowing good guys the chance to infiltrate its enterprise-wide Air Force Common Computing Environment in search of vulnerabilities, the white hat hacking company Bugcrowd announced Aug. 6.

The bug bounty program, done in a partnership with Bugcrowd and the Air Force's CCE program office, found 54 vulnerabilities. Bug bounties work under the assumption that the customer, in this case the Air Force, will now close the loopholes the hackers found, making the system more secure.

The CCE cloud uses Amazon Web Services and Microsoft's Azure commercial cloud. The service plans to migrate more than 100 applications to that cloud environment, Bugcrowd executives said.

The largest payout from the bug bounty totaled $20,000. The event ran from March 18 to June 21 at Hanscom Air Force Base in Massachusetts.

Casey Ellis, Bugcrowd founder and CTO, said it was the first time Bugcrowd has worked with the Air Force. The Air Force has completed several other white hat hacking events with the firm HackerOne.

Ellis said that moving to the cloud from on-premise environment represents a “paradigm shift” for many organizations. Penetration testing is an important part of keeping that environment secure, he said. Bugcrowd conducted such tests in six phases: source code analysis, AWS environment testing, Azure environment testing, black box network authentication assessment, social engineering engagement and Air Force portal testing.

Bugcrowd declined to discuss how many vulnerabilities were found throughout each stage of the process.

According to a news release from the Air Force from April, the CCE currently houses 21 Air Force applications and "has room for countess more.”

The computing environment allows the Air Force to have a cloud to host its applications that reside on its Global Combat Support System, which is a centralized, cohesive enterprise resource planning system. The Air Force said in the April release that each migration costs $446,000 and that the service has spent more than $136 million on the program since 2016.

https://www.fifthdomain.com/dod/air-force/2019/08/06/the-air-force-sends-good-guys-in-to-hack-its-cloud/

On the same subject

  • BAE Systems to deliver first M-Code GPS User Equipment to Germany

    June 30, 2021 | International, Land

    BAE Systems to deliver first M-Code GPS User Equipment to Germany

    Germany will be the first recipient M-Code ready receivers, but the Space Force says other agreements are in the works.

  • German anti-drone project costs increase fivefold - Spiegel | Reuters

    December 12, 2023 | International, Land

    German anti-drone project costs increase fivefold - Spiegel | Reuters

    The planned procurement of an anti-drone system by Germany's defence ministry will end up being five times more expensive than initially expected, Spiegel magazine reported on Tuesday.

  • SPACECOM is a go: Newest combatant command signed into existence

    August 30, 2019 | International, Aerospace

    SPACECOM is a go: Newest combatant command signed into existence

    By: Aaron Mehta WASHINGTON — The Pentagon has a new combatant command. With a twirl of the pen, Secretary of Defense Mark Esper signed into creation U.S. Space Command, the 11th war-fighting command for the Defense Department. “This is a landmark day, one that recognizes the centrality of space to America's national security and defense," President Donald Trump said during the event, held in the Rose Garden of the White House. “It's all about space,” Trump said, adding that for anyone looking to challenge the U.S. in orbit, “it's going to be a whole different ballgame.” Air Force Gen. Jay Raymond is the new head of SPACECOM; Army Lt. Gen. James Dickinson has been nominated to become the deputy commander. Upon Trump's signature, 287 individuals, pulled largely from U.S. Strategic Command, became the first members of the new command. Earlier in the day, Raymond and Stephen Kitay, deputy assistant secretary of defense for space policy, told reporters the creation of SPACECOM marked a new era in how the Defense Department approaches space. “We are at a strategic inflection point. There is nothing that we do [as a joint force] that isn't enabled by space. Zero,” Raymond said. “Our goal is to actually deter a conflict from extending into space. The best way I know how to do that is to be prepared to fight and win” should deterrence fail. SPACECOM's mission falls into four broad categories: To deter potential adversaries in space. To defend American assets in orbit. To deliver war-fighting capabilities (such as GPS) to other combatant commands. To develop joint war fighters to be able to operate in the space domain. The command will include a traditional headquarters staff, service components from all four armed services and two operational components: Combined Forces Space Component Command — focused on integrating space capabilities around the globe and throughout joint coalition partners — and Joint Task Force for Space Defense — focused on protecting and defending the war-fighting domain. “Space will not be an Achilles' heel. We will protect and defend and provide it for our way of life and our way of war,” Kitay added. Technically, this is a relaunch of SPACECOM, which existed in another form from 1985 through 2002. However, Raymond said, the two organizations are very different, with a “sharper” focus on the dangers from other nations in space a key part of the new incarnation. Those threats include kinetic and non-kinetic activities from competitors such as China and Russia — and any future competitors who might gain space capabilities in the future. As if to underscore the changing space environment, news broke Thursday that Iran's most recent attempt at a space launch appears to have failed on the ground. The effort was the third failed launch attempt this year, but the effort shows Iran is willing to invest significant national capital into putting assets into orbit. SPACECOM will continue to grow, including a final selection on the location of its headquarters. But questions remain about integration plans with an eventual Space Force, should Congress back its creation as a new military branch. The budget for SPACECOM in fiscal 2020 was $83.8 million, of which $75.6 million was shifted from previous organizations. Raymond warned that a continuing resolution this year would have a “significant impact” on the standing up of the new command. “We need to have stable budgets as we build this command. Continuing resolutions are never good, and it would be bad in this case as well,” he said. https://www.defensenews.com/space/2019/08/29/spacecom-is-a-go-newest-combatant-command-signed-into-existence/

All news