![](\"https:\/\/media.wired.com\/photos\/5d7fcb86e51178000950e911\/master\/pass\/security_af-satellite.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Tue, 17 Sep 2019 11:00:00 +0000<\/strong><\/p>\n At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory.<\/p>\n When the Air Force showed up at the Defcon hacker conference<\/a> in Las Vegas last month, it didn\u2019t come empty-handed. It brought along an F-15 fighter-jet data system\u2014one that security researchers thoroughly dismantled<\/a>, finding serious vulnerabilities along the way. The USAF was so pleased with the result that it has decided to up the ante. Next year, it\u2019s bringing a satellite.<\/p>\n That\u2019s a promise from Will Roper, assistant secretary of the Air Force for acquisition, technology, and logistics. While sending elite hackers after an orbiting satellite\u2014and its ground station\u2014might sound ambitious, it\u2019s in keeping with Roper\u2019s commitment to fundamentally changing how his branch of the military attacks its cybersecurity challenges.<\/p>\n \u201cWe have to get over our fear of embracing external experts to help us be secure. We are still carrying cybersecurity procedures from the 1990s,\u201d says Roper. \u201cWe have a very closed model. We presume that if we build things behind closed doors and no one touches them, they\u2019ll be secure. That might be true to some degree in an analog world. But in the increasingly digital world, everything has software in it.\u201d<\/p>\n "What they\u2019re going to do is try to take over the satellite by any means they find."<\/p>\n Will Roper, Air Force<\/p>\n Software inevitably has bugs that could be exploited, whether in a smart microwave<\/a> or a complex flight system. Roper knows this from experience: The Hack the Air Force initiative, a bug bounty that sprang from a partnership between HackerOne and the Pentagon\u2019s Defense Digital Service<\/a>, paid out $130,000 to hackers who collectively found<\/a> over 120 vulnerabilities last December.<\/p>\n It was DDS that connected the Air Force to the organizers of Defcon\u2019s Aviation Village, a corner of the hacking conference dedicated to all things aerial that debuted this year. There, a group of seven vetted hackers, under the USAF\u2019s watchful eyes, attacked a Trusted Aircraft Information Download Station, which transfers data back and forth on an F-15. With the vulnerabilities they found, they could have shut it down. And that\u2019s just one of the countless components that the Air Force sources. The Air Force has its own internal cybersecurity team, of course, but its resources are finite. It needs a little help.<\/p>\n \u201cYou would expect really high security procedures for the F-15, and it has them. But what about this humble data translator,\u201d says Roper. \u201cYou might overlook it, but those kinds of things tend to be built by smaller companies. And you can imagine that smaller companies without the resources of a Lockheed Martin or Northrop Grumman or Boeing are not able to think about cyber resiliency and security at a level that can contend with a peer competitor like China.\u201d<\/p>\n Once the Air Force sees what common security pitfalls plague its third-party parts, it can start writing stronger security requirements into its contracts. That hardens the entire supply chain\u2014which in turn makes everyone\u2019s aircraft more secure.<\/p>\n