The British Military Works With Ethical Hackers

The UK’s Ministry of Defence (MoD) has announced a significant expansion of its defensive security initiative with HackerOne, the global leader in hacker-powered security. The original scope of the three-year-old program included vulnerability disclosure and bug bounty programs that leveraged the creativity and expertise of ethical hackers to secure the MOD’s digital assets.  

The MOD’s program was originally launched in 2021. In this time the MoD has worked alongside and built strong relationships with over 100 researchers drawn from the ethical hacking community.

The ethical hackers have, in turn, identified and helped fix vulnerabilities in the MOD’s computer systems, further enhancing the security of its systems and cementing the MOD’s position as a cyber security leader. “The decision to partner with HackerOne and leverage its community of ethical hackers was part of an organisation-wide commitment to building a culture of transparency and collaboration to improve national security.... Our hacker partners are helping us to identify areas where we need to strengthen our defences and protect our critical digital assets from malicious threats.” an MoD spokesman said.

Following the successful initial program, the MoD has now broadened the scope of the vulnerability disclosure program (VDP) to include a number of its key suppliers.

The objective is to encourage best practices throughout the MOD’s supply chain and ultimately motivate them to implement their own VDP. The long-term goal is for all firms that partner with the MOD to run their own VDP. “Working with the ethical hacking community allows us to bring more diverse perspectives to protect and defend our assets.” according the MoD CISO, Christine Maxwell.

“Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience” she said

Cloud software-as-a-service collaboration platform provider, Kahootz, is an initial adopter of MOD’s supplier VDP program. Kahootz provides the secure cloud collaboration service MOD uses to work collaboratively and share information protectively. “Kahootz VDP demonstrates our proactive commitment to promptly identifying and addressing potential security weaknesses to maintain the highest security standards for users,” said Peter Jackson, CEO of Kahootz.

“The VDP has enabled us to identify and address vulnerabilities before they can be exploited maliciously. Our collaboration with the UK Ministry of Defence (MOD) and HackerOne has facilitated knowledge sharing and best practices in cybersecurity, contributing to continuous improvement and increased confidence from our clients."

The expanded scope of the program also included a first-of-type in-person bug bounty challenge at the MoD’s Defence Academy. The Academy provides advanced education and training to military personnel, civil servants, and individuals from various international partners.

Fifteen carefully selected professionals, all of whom are top-performing hackers, participated in the challenge to assess and enhance the Defence Academy’s security posture. The hackers concentrated on breaking down barriers, challenging norms, and demonstrating their skills and lateral thinking against a wide attack surface of both internet and non-Internet-facing systems.

Along with uncovering and advising on the remediation of vulnerabilities, the event also provided a great deal of assurance on existing security measures through the use of storyboard reports that detailed the approaches and vectors the hackers tried, which were ultimately unsuccessful due to the defensive measures in place.

It is hoped that the MOD's work with the ethical hacking community will provide benefits beyond the remediation of vulnerabilities and enable it to explore new security approaches and change the established cyber security culture inside the MOD.

The , CEO of HackerOne, Marten Mickos commented “The MoD has enlisted the help of the most formidable defenders, ethical hackers - to solve security problems and outsmart threat actors. From the vulnerability disclosure program to the live bug bounty challenge, hackers have helped the MoD find and fix vulnerabilities before adversaries can detect and exploit them.”

Hacker One     |     Kahootz

You Might Also Read: 

Ethical Hackers Have Earned  $100m:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Deepfake 'Face Swap' Attacks Trending
Will Generative-AI Take Female Jobs? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity provide solutions for Secure Networks, Secure Communications, Network Analysis, and Endpoint Security.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

Ericsson

Ericsson

Ericsson is a leading provider of telecommunications services and network infrastructure solutions including all aspects of network security.

EY Advisory

EY Advisory

EY is a multinational professional services firm headquartered in the UK. EY Advisory service areas include Cybersecurity.

Plurilock Security Solutions

Plurilock Security Solutions

Plurilock is a real-time cybersecurity solution that uses artificial intelligence to identify, prevent, and eliminate insider threats.

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

Nokia

Nokia

Nokia is a proven leader in fixed, mobile and IoT security offering capabilities that range from systems design to integration and support.

Bitbone

Bitbone

Bitbone develop IT infrastructure and IT security solutions that create long-term value.

Rubrik

Rubrik

Rubrik helps enterprises achieve data control to drive business resiliency, cloud mobility, and regulatory compliance.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

42Crunch

42Crunch

42Crunch provides API security testing and threat protection. We proactively test, fix and protect your APIs from development to runtime.

Cybersecurity Elastic Laboratory (CEL)

Cybersecurity Elastic Laboratory (CEL)

CEL specialize in providing top-tier services in vulnerability diagnosis and penetration testing, offering a comprehensive suite of solutions to mitigate cyber risks.