August 8, 2019 | International, Security

The Air Force sends good guys in to hack its cloud

By: Andrew Eversden

The Air Force invited ethical hackers into its IT networks again this spring, allowing good guys the chance to infiltrate its enterprise-wide Air Force Common Computing Environment in search of vulnerabilities, the white hat hacking company Bugcrowd announced Aug. 6.

The bug bounty program, done in a partnership with Bugcrowd and the Air Force’s CCE program office, found 54 vulnerabilities. Bug bounties work under the assumption that the customer, in this case the Air Force, will now close the loopholes the hackers found, making the system more secure.

The CCE cloud uses Amazon Web Services and Microsoft’s Azure commercial cloud. The service plans to migrate more than 100 applications to that cloud environment, Bugcrowd executives said.

The largest payout from the bug bounty totaled $20,000. The event ran from March 18 to June 21 at Hanscom Air Force Base in Massachusetts.

Casey Ellis, Bugcrowd founder and CTO, said it was the first time Bugcrowd has worked with the Air Force. The Air Force has completed several other white hat hacking events with the firm HackerOne.

Ellis said that moving to the cloud from an on-premise environment represents a “paradigm shift” for many organizations. Penetration testing is an important part of keeping that environment secure, he said. Bugcrowd conducted such tests in six phases: source code analysis, AWS environment testing, Azure environment testing, black box network authentication assessment, social engineering engagement and Air Force portal testing.

Bugcrowd declined to discuss how many vulnerabilities were found throughout each stage of the process.

According to a news release from the Air Force from April, the CCE currently houses 21 Air Force applications and “has room for countless more.”

The computing environment allows the Air Force to have a cloud to host its applications that reside on its Global Combat Support System, which is a centralized, cohesive enterprise resource planning system. The Air Force said in the April release that each migration costs $446,000 and that the service has spent more than $136 million on the program since 2016.

