Back to news

August 8, 2019 | International, Security

The Air Force sends good guys in to hack its cloud

By: Andrew Eversden

The Air Force invited ethical hackers into its IT networks again this spring, allowing good guys the chance to infiltrate its enterprise-wide Air Force Common Computing Environment in search of vulnerabilities, the white hat hacking company Bugcrowd announced Aug. 6.

The bug bounty program, done in a partnership with Bugcrowd and the Air Force's CCE program office, found 54 vulnerabilities. Bug bounties work under the assumption that the customer, in this case the Air Force, will now close the loopholes the hackers found, making the system more secure.

The CCE cloud uses Amazon Web Services and Microsoft's Azure commercial cloud. The service plans to migrate more than 100 applications to that cloud environment, Bugcrowd executives said.

The largest payout from the bug bounty totaled $20,000. The event ran from March 18 to June 21 at Hanscom Air Force Base in Massachusetts.

Casey Ellis, Bugcrowd founder and CTO, said it was the first time Bugcrowd has worked with the Air Force. The Air Force has completed several other white hat hacking events with the firm HackerOne.

Ellis said that moving to the cloud from on-premise environment represents a “paradigm shift” for many organizations. Penetration testing is an important part of keeping that environment secure, he said. Bugcrowd conducted such tests in six phases: source code analysis, AWS environment testing, Azure environment testing, black box network authentication assessment, social engineering engagement and Air Force portal testing.

Bugcrowd declined to discuss how many vulnerabilities were found throughout each stage of the process.

According to a news release from the Air Force from April, the CCE currently houses 21 Air Force applications and "has room for countess more.”

The computing environment allows the Air Force to have a cloud to host its applications that reside on its Global Combat Support System, which is a centralized, cohesive enterprise resource planning system. The Air Force said in the April release that each migration costs $446,000 and that the service has spent more than $136 million on the program since 2016.

https://www.fifthdomain.com/dod/air-force/2019/08/06/the-air-force-sends-good-guys-in-to-hack-its-cloud/

On the same subject

  • Huntington Ingalls Industries Awarded $954 Million Intelligence, Surveillance and Reconnaissance Contract by U.S. GSA FEDSIM

    January 24, 2020 | International, Security

    Huntington Ingalls Industries Awarded $954 Million Intelligence, Surveillance and Reconnaissance Contract by U.S. GSA FEDSIM

    Newport News, Va., January 23, 2020 (GLOBE NEWSWIRE) -- Huntington Ingalls Industries (NYSE: HII) announced today that it has been awarded a General Services Administration One Acquisition Solution for Integrated Services (OASIS) task order to provide Persistent Multi-Role Operations (PMRO) support to the U.S. Air Force-Europe (USAFE) by the Federal Systems Integration and Management Center (FEDSIM). This task order will provide Contractor Owned-Contractor Operated (COCO) manned and unmanned airborne intelligence, surveillance and reconnaissance (ISR) in support of Air Force requirements in the European and African theaters of operation. The task order has a base period of one year with four option years and a potential value of $954 million. “Critical readiness of our defense intelligence enterprise demands unique expertise and advanced technology solutions,” said Garry Schwartz, president of Technical Solutions' Mission Driven Innovative Solutions group. “Over the last several years, HII has continued to expand its ISR support to the U.S. Air Force and other components of the Department of Defense. We are looking forward to continuing to advance the implementation of innovative ISR solutions for USAFE and across the DOD.” The Air Force directs global integrated ISR operations from forward-deployed locations worldwide, including locations throughout the six geographic combatant commands. Air Force ISR operations are conducted in multiple domains and across all phases of operations and environments. The timely integration and delivery of ISR information provides joint, defense, national, and coalition partners with actionable intelligence for the commander and warfighter. The objective of this task is to provide persistent, multi-role and cross-domain ISR capabilities that increase indications and warnings, enhance the U.S. security defense posture, enable the freedom of movement, increase partnership capacity and interoperability, and foster global security and stability throughout the European and African areas of responsibility. This is a continuation and expansion of work currently performed by HII, whose purpose is to deliver timely, accurate and relevant information to operational and strategic decision makers. This effort will provide PMRO for multiple DOD components, including Air Forces in Europe and Africa as well as other strategic and operational partners. About Huntington Ingalls Industries Huntington Ingalls Industries is America's largest military shipbuilding company and a provider of professional services to partners in government and industry. For more than a century, HII's Newport News and Ingalls shipbuilding divisions in Virginia and Mississippi have built more ships in more ship classes than any other U.S. naval shipbuilder. HII's Technical Solutions division provides a wide range of professional services through its Fleet Support, Mission Driven Innovative Solutions, Nuclear & Environmental, and Oil & Gas groups. Headquartered in Newport News, Virginia, HII employs more than 42,000 people operating both domestically and internationally. For more information, visit: HII on the web: www.huntingtoningalls.com HII on Facebook: www.facebook.com/HuntingtonIngallsIndustries HII on Twitter: twitter.com/hiindustries Statements in this release, as well as other statements we may make from time to time, other than statements of historical fact, constitute “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements involve risks and uncertainties that could cause our actual results to differ materially from those expressed in these statements. Factors that may cause such differences include: changes in government and customer priorities and requirements (including government budgetary constraints, shifts in defense spending, and changes in customer short-range and long-range plans); our ability to estimate our future contract costs and perform our contracts effectively; changes in procurement processes and government regulations and our ability to comply with such requirements; our ability to deliver our products and services at an affordable life cycle cost and compete within our markets; natural and environmental disasters and political instability; our ability to execute our strategic plan, including with respect to share repurchases, dividends, capital expenditures, and strategic acquisitions; adverse economic conditions in the United States and globally; changes in key estimates and assumptions regarding our pension and retiree health care costs; security threats, including cyber security threats, and related disruptions; and other risk factors discussed in our filings with the U.S. Securities and Exchange Commission. There may be other risks and uncertainties that we are unable to predict at this time or that we currently do not expect to have a material adverse effect on our business, and we undertake no obligation to update or revise any forward-looking statements. You should not place undue reliance on any forward-looking statements that we may make. CONTACT INFORMATION Beci Brenton HII Corporate Director of Public Affairs (202) 264-7143 Beci.Brenton@hii-co.com View source version on Huntington Ingalls Industries: https://newsroom.huntingtoningalls.com/releases/huntington-ingalls-industries-awarded-954-million-intelligence-surveillance-and-reconnaissance-contract-by-u-s-gsa-fedsim

  • General Atomics develops MQ-9 Reaper automatic take-off and landing enhancements

    July 6, 2020 | International, Aerospace

    General Atomics develops MQ-9 Reaper automatic take-off and landing enhancements

    by Pat Host General Atomics Aeronautical Systems Inc (GA-ASI) in March and April 2020 demonstrated three expanded automatic take-off and landing capability (ATLC) enhancements for its MQ-9A Reaper medium-altitude, long-endurance (MALE) unmanned aerial vehicle (UAV). One improvement enables the aircraft to land at an alternate, or divert, airfield in which no ground control station (GCS) is present while also under satellite communication (satcom) control, GA-ASI announced on 25 June. With the divert landing enhancement, the remote pilot can enter the new landing area co-ordinates to automatically land at the selected location. The pilot can also overfly and self-survey the divert airfield's runway using the Reaper's multispectral electro-optical/infrared (EO/IR) sensor to obtain co-ordinates for an automatic landing. Once uploaded to the MQ-9A's mission profile, the Reaper's aircrew enables the ATLC system, which allows the aircraft to automatically manoeuvre itself into a landing pattern and make the automatic landing. This enhancement will enable operational Reapers to land at alternate airfields on their own because of poor weather, changing mission requirements, or damaged runways, GA-ASI president David Alexander said in a 25 June statement. GA-ASI demonstrated this aerial runway survey capability on 23-24 April at GA-ASI's Gray Butte flight operations facility near Palmdale, California, a company spokesman said on 29 June. The second enhancement expands the cross-wind limits of the MQ-9A. The third improvement increases the maximum landing weight for normal and emergency landings. The heavyweight landings were demonstrated throughout March and April at the Southern California Logistics Airfield in Victorville, California. https://www.janes.com/defence-news/news-detail/general-atomics-develops-mq-9-reaper-automatic-take-off-and-landing-enhancements

  • New in 2019: The Army’s new way of warfighting will continue to evolve

    January 7, 2019 | International, Naval, Land, C4ISR

    New in 2019: The Army’s new way of warfighting will continue to evolve

    By: Todd South Each of the past three years has seen the Army build and upgrade its newest warfighting concept, one that leaders look to transform the service in an era of greater competitionand multi-faceted threats. That concept, while improved, will continue to evolve in the coming year as well, with more experimentation and feedback from soldiers at all levels. The Army will fight its future battles through formations geared toward multi-domain operations and guided by real-world threats to global military superiority, according to an updated version of Army warfighting called Multi-Domain Operations 2028. “U.S. Army in Multi-Domain Operations 2028” is both a revision to ongoing warfighting plans and an invitation for input from across the force. “The American way of war must evolve and adapt,” Army Chief of Staff Gen. Mark Milley wrote. “It describes how U.S. Army forces, as part of the Joint Force, will militarily compete, penetrate, dis-integrate, and exploit our adversaries in the future.” And while it has been formed by commanders at Army Training and Doctrine Command, Army leaders know it needs more. “Every one of you is part of our evolution and the construction of our future force,” Milley wrote, addressing soldiers, “and we want your critical feedback.” The main task of this new battle concept is to get after “layered stand-off,” in which adversaries have created ways to deny historical U.S. dominance of domains such as air-land-sea, and new ones such as information and electromagnetic spectrums to keep U.S. and allied military units at bay. In the newly released document's preface, Gen. Stephen Townsend, TRADOC commander, focused on how the Army will operate and enable the joint force in future conflicts. “If deterrence fails, Army formations, operating as part of the Joint Force, penetrate and dis-integrate enemy anti-access and area denial systems; exploit the resulting freedom of maneuver to defeat enemy systems, formations and objectives and to achieve our own strategic objectives; and consolidate gains to force a return to competition on terms more favorable to the U.S., our allies and partners,” he wrote. To reach those goals, the Army will need some new functions, new equipment and advanced processes to select, train and retain capable soldiers. Some of that was evident this past summer in the Pacific, where fires soldiers found novel approaches to integrating traditionally land-focused Army assets and networks to link up with partner forces and U.S. Navy and Marine Corps teams to share information and strike ships at sea in simulated, contested environments. The director of the Army's Capabilities Integration Center, Brig. Gen. Mark Odom, in an Army release, highlighted key factors in the new concept's importance. The concept focuses on operational problems with competitors such as Russia and China, as opposed to the counterinsurgency and counterterrorism focus in recent decades. This means it returns the Army to a focus on threats rather than capabilities-based approaches, he wrote. https://www.armytimes.com/news/your-army/2019/01/04/new-in-2019-the-armys-new-way-of-warfighting-will-continue-to-evolve

All news