In a first for the U.K. Ministry of Defense (MoD), 26 ethical hackers have taken part in a Bug Bounty program in collaboration with U.S.-based organisation, HackerOne. The 30-day program aimed to identify and fix vulnerabilities in cyber systems to strengthen defense security and to ensure better resilience against threats.
Bug Bounty programs provide safe environments for experts to identify areas where security can be improved, with the identification of real vulnerabilities by ethical hackers being rewarded. Cyber defense teams are now working with the ethical hacking community, whose expertise has been extremely valuable in finding and remediating vulnerabilities to ensure better security across defense networks and 750,000 devices.
“Bug Bounty is an exciting new capability for the Ministry of Defense. Our cyber teams are collaborating with the ethical hacking community to identify and fix vulnerabilities in our systems, ensuring we’re more resilient and better protected,” said Minister for the Armed Forces, James Heappey. “This work will contribute to better cyber and information security for the U.K.”
In the Integrated Review published earlier this year, the U.K. government committed to a more robust position on security and resilience, ensuring that lives and livelihoods are protected from those who may wish to do harm. This challenge is part of wider plans to ensure transparency and collaboration with partners to improve national security.
“It is important for us to continue to push the boundaries with our digital and cyber development to attract personnel with skills, energy and commitment,” Christine Maxwell, Ministry of Defence Chief Information Security Officer said.
“Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.”
MoD will continue to make use of the Bug Bounty expertise and other capabilities to ensure cyber security and resilience. MoD cyber security efforts reinforce the U.K. Government strategy for cross-department resilience and security.
“Governments worldwide are waking up to the fact that they can’t secure their immense digital environments with traditional security tools anymore,” CEO of HackerOne, Marten Mickos, said.
“Having a formalized process to accept vulnerabilities from third parties is widely considered best practice globally, with the U.S. government making it mandatory for their federal civilian agencies this year. The U.K. MoD is leading the way in the U.K. government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example.”