Hey millennials: Uncle Sam wants you …No uniform required.
Looking to tap cyber talent in the private sector, the U.S. Navy has been holding a series of hackathons. The challenge: Find a way to crack the security systems of military drones and warships.
Earlier this month, the Naval Postgraduate School’s Center for Cyber Warfare let hackers test their skills against a “boat in a box”—a testbed system built by contractor Booz Allen Hamilton to mirror fleet systems. The event was a follow-up to one last June, dubbed HackTheSky, where security experts tried their skills against aerial drone control software and interface designers came up with prototypes to make it easier for drone pilots to operate the devices.
The goal is to tap into a talent base of mostly young civilian cyber experts who are interested in ways to help keep the country safe without necessarily enlisting in the Navy or joining a traditional defense contractor, says Commander Zachary Staples, director of the Center for Cyber Warfare.
“They don’t want to cut their hair and go to bootcamp—that was not what they were asking me,” he says. “They were asking, how could we work with you on a project sort of basis.”
The Navy hackathons are purposely held in tech hubs, not at Navy bases: The first was held at Galvanize’s San Francisco startup center, and the most recent one at Austin’s Capital Factory coworking space.
The “boat in a box” will also be the focus of a presentation next month by Booz Allen Hamilton at South by Southwest, the Austin festival that’s typically more known for appearances by Silicon Valley startups than old-school defense contractors.
The hackathons aren’t the first attempt by the defense establishment to crowdsource innovation: The Defense Advanced Research Projects Agency (DARPA) has long held competitions to spur development in technology, from predicting the spread of infectious disease to building autonomous cars. And the Defense Department last year held a “Hack the Pentagon” challenge, paying out more than $150,000 in bug bounties to hackers who found vulnerabilities on public-facing defense websites.
But the Navy hackathons are among the first to bring hackers to test their skills against real-world sea and air digital systems that are increasingly important to national security, Staples says.
“At any given time, a larger and larger percentage of the world’s tangible wealth is loaded on a ship or being unloaded at a port,” Staples says. And if the systems onboard those ships prove vulnerable, sophisticated attackers could essentially launch a blockade with the touch of a few buttons.
“If a fleet of ships gets hacked, that’s a problem for the U.S. Navy, because our nation has just been embargoed,” says Staples.
The boat in a box will let hackers test their skills against actual nautical communication interfaces, from the automatic identification systems used for collision avoidance to weather satellite radio systems.
June’s drone hackathon helped unearth some vulnerabilities in systems that allow one operator to control massive swarms of drones. In 2015, a Naval Postgraduate School team launched a swarm of 50 drones under the control of one pilot, using customized software to keep the devices in sync. The hackathon helped inform architectural decisions for the next generation of the software, Staples says. And one team from the event also contributed some new security improvements to the Robot Operating System, an open source robotics toolkit used by researchers and robot makers around the world.
“One team contributed that back to the ROS codebase so that the result of the Navy’s swarm hackathon, at least one of those results, was available to the entire robotics community,” says Staples. The code related to technology for digitally verifying that software running on a robot hasn’t been tampered with, he says.
And in addition to security tweaks, the hackathon generated improvements to the digital interfaces used to control the swarming drones. Finding skilled user interface designers can be a challenge for the Navy, just as it is for many in the private sector developing apps and websites. Building more intuitive controls can mean happier sailors and less time and money spent on training, Staples says.
“If I’m going to have a swarm drone operator, it’s going to be a 25-year-old kid,” says Staples. “They have an expectation that the interface is going to be as good as the apps they have on their iPhone.”
The design challenge was one of a series run by Booz Allen Hamilton in conjunction with TopCoder, the Connecticut-based company known for running programming and design competitions. It’s part of a push by the contractor to engage with outside innovators, partly inspired by the example of the U.S. Digital Service and 18F, the two startup-inspired federal initiatives to recruit technical talent of a type not always found within the traditional civil service.
“We are realizing that the way we support our clients needs to be a little more inclusive and collaborative,” says Brian MacCarthy, the head of Booz Allen Hamilton’s Strategic Innovative Hub in San Francisco.
At the Austin hackathon, a design challenge will focus on alternatives to GPS for areas, such as in tunnels and buildings, where the technology gets limited reception, and a data science challenge will explore ways to use detailed data on maritime traffic to detect security risks and criminal activity such as human trafficking.
And for the Navy, the hackathon will be part of an ongoing innovation challenge of its own, to find ways to connect with hackers and small businesses willing to help keep its systems state-of-the-art.
“The focus of the hackathon this weekend is building a community for maritime security,” says Staples.