The British Military Works With Ethical Hackers

The UK’s Ministry of Defence (MoD) has announced a significant expansion of its defensive security initiative with HackerOne, the global leader in hacker-powered security. The original scope of the three-year-old program included vulnerability disclosure and bug bounty programs that leveraged the creativity and expertise of ethical hackers to secure the MOD’s digital assets.  

The MOD’s program was originally launched in 2021. In this time the MoD has worked alongside and built strong relationships with over 100 researchers drawn from the ethical hacking community.

The ethical hackers have, in turn, identified and helped fix vulnerabilities in the MOD’s computer systems, further enhancing the security of its systems and cementing the MOD’s position as a cyber security leader. “The decision to partner with HackerOne and leverage its community of ethical hackers was part of an organisation-wide commitment to building a culture of transparency and collaboration to improve national security.... Our hacker partners are helping us to identify areas where we need to strengthen our defences and protect our critical digital assets from malicious threats.” an MoD spokesman said.

Following the successful initial program, the MoD has now broadened the scope of the vulnerability disclosure program (VDP) to include a number of its key suppliers.

The objective is to encourage best practices throughout the MOD’s supply chain and ultimately motivate them to implement their own VDP. The long-term goal is for all firms that partner with the MOD to run their own VDP. “Working with the ethical hacking community allows us to bring more diverse perspectives to protect and defend our assets.” according the MoD CISO, Christine Maxwell.

“Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience” she said

Cloud software-as-a-service collaboration platform provider, Kahootz, is an initial adopter of MOD’s supplier VDP program. Kahootz provides the secure cloud collaboration service MOD uses to work collaboratively and share information protectively. “Kahootz VDP demonstrates our proactive commitment to promptly identifying and addressing potential security weaknesses to maintain the highest security standards for users,” said Peter Jackson, CEO of Kahootz.

“The VDP has enabled us to identify and address vulnerabilities before they can be exploited maliciously. Our collaboration with the UK Ministry of Defence (MOD) and HackerOne has facilitated knowledge sharing and best practices in cybersecurity, contributing to continuous improvement and increased confidence from our clients."

The expanded scope of the program also included a first-of-type in-person bug bounty challenge at the MoD’s Defence Academy. The Academy provides advanced education and training to military personnel, civil servants, and individuals from various international partners.

Fifteen carefully selected professionals, all of whom are top-performing hackers, participated in the challenge to assess and enhance the Defence Academy’s security posture. The hackers concentrated on breaking down barriers, challenging norms, and demonstrating their skills and lateral thinking against a wide attack surface of both internet and non-Internet-facing systems.

Along with uncovering and advising on the remediation of vulnerabilities, the event also provided a great deal of assurance on existing security measures through the use of storyboard reports that detailed the approaches and vectors the hackers tried, which were ultimately unsuccessful due to the defensive measures in place.

It is hoped that the MOD's work with the ethical hacking community will provide benefits beyond the remediation of vulnerabilities and enable it to explore new security approaches and change the established cyber security culture inside the MOD.

The , CEO of HackerOne, Marten Mickos commented “The MoD has enlisted the help of the most formidable defenders, ethical hackers - to solve security problems and outsmart threat actors. From the vulnerability disclosure program to the live bug bounty challenge, hackers have helped the MoD find and fix vulnerabilities before adversaries can detect and exploit them.”

Hacker One     |     Kahootz

You Might Also Read: 

Ethical Hackers Have Earned  $100m:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Deepfake 'Face Swap' Attacks Trending
Will Generative-AI Take Female Jobs? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

APMG International (APM Group)

APMG International (APM Group)

APM Group is a global accreditation, certification and examination body specializing in certification schemes for individuals, organizations and software.

CERT.AZ

CERT.AZ

The national Cyber Security Center of the Republic of Azerbaijan.

Ovarro

Ovarro

Ovarro is the new name for Servelec Technologies and Primayer. Ovarro's technology is used throughout the world to monitor, control and manage critical and national infrastructure.

Proact IT Group

Proact IT Group

Proact is Europe's leading independent data centre and Cloud services enabler. We deliver flexible, accessible and secure IT solutions and services.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

Penningtons Manches Cooper

Penningtons Manches Cooper

Penningtons Manches Cooper is a leading UK law firm providing high quality legal advice in areas including Data Protection, Cyber Security and Cyber Crime.

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

Quantinuum

Quantinuum

Quantinuum is the combination of Cambridge Quantum with Honeywell Quantum Solutions, structured to drive the future of quantum computing.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

BluescreenIT (BIT)

BluescreenIT (BIT)

BluescreenIT is an IT Security Consultancy and IT and Cyber Security Training company supporting industry, local authorities, MoD and governmental IT departments.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

Recast Software

Recast Software

Recast Software exists to simplify the work of IT teams and enable them to create highly secure and compliant environments.

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

IMC2 brings together resources to carry out ambitious, innovative and multidisciplinary projects in the field of cybersecurity and cyber resilience.