The British Military Works With Ethical Hackers

Uploaded on 2024-02-27 in FREE TO VIEW

The UK’s Ministry of Defence (MoD) has announced a significant expansion of its defensive security initiative with HackerOne, the global leader in hacker-powered security. The original scope of the three-year-old program included vulnerability disclosure and bug bounty programs that leveraged the creativity and expertise of ethical hackers to secure the MOD’s digital assets.  

The MOD’s program was originally launched in 2021. In this time the MoD has worked alongside and built strong relationships with over 100 researchers drawn from the ethical hacking community.

The ethical hackers have, in turn, identified and helped fix vulnerabilities in the MOD’s computer systems, further enhancing the security of its systems and cementing the MOD’s position as a cyber security leader. “The decision to partner with HackerOne and leverage its community of ethical hackers was part of an organisation-wide commitment to building a culture of transparency and collaboration to improve national security.... Our hacker partners are helping us to identify areas where we need to strengthen our defences and protect our critical digital assets from malicious threats.” an MoD spokesman said.

Following the successful initial program, the MoD has now broadened the scope of the vulnerability disclosure program (VDP) to include a number of its key suppliers.

The objective is to encourage best practices throughout the MOD’s supply chain and ultimately motivate them to implement their own VDP. The long-term goal is for all firms that partner with the MOD to run their own VDP. “Working with the ethical hacking community allows us to bring more diverse perspectives to protect and defend our assets.” according the MoD CISO, Christine Maxwell.

“Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience” she said

Cloud software-as-a-service collaboration platform provider, Kahootz, is an initial adopter of MOD’s supplier VDP program. Kahootz provides the secure cloud collaboration service MOD uses to work collaboratively and share information protectively. “Kahootz VDP demonstrates our proactive commitment to promptly identifying and addressing potential security weaknesses to maintain the highest security standards for users,” said Peter Jackson, CEO of Kahootz.

“The VDP has enabled us to identify and address vulnerabilities before they can be exploited maliciously. Our collaboration with the UK Ministry of Defence (MOD) and HackerOne has facilitated knowledge sharing and best practices in cybersecurity, contributing to continuous improvement and increased confidence from our clients."

The expanded scope of the program also included a first-of-type in-person bug bounty challenge at the MoD’s Defence Academy. The Academy provides advanced education and training to military personnel, civil servants, and individuals from various international partners.

Fifteen carefully selected professionals, all of whom are top-performing hackers, participated in the challenge to assess and enhance the Defence Academy’s security posture. The hackers concentrated on breaking down barriers, challenging norms, and demonstrating their skills and lateral thinking against a wide attack surface of both internet and non-Internet-facing systems.

Along with uncovering and advising on the remediation of vulnerabilities, the event also provided a great deal of assurance on existing security measures through the use of storyboard reports that detailed the approaches and vectors the hackers tried, which were ultimately unsuccessful due to the defensive measures in place.

It is hoped that the MOD's work with the ethical hacking community will provide benefits beyond the remediation of vulnerabilities and enable it to explore new security approaches and change the established cyber security culture inside the MOD.

The , CEO of HackerOne, Marten Mickos commented “The MoD has enlisted the help of the most formidable defenders, ethical hackers - to solve security problems and outsmart threat actors. From the vulnerability disclosure program to the live bug bounty challenge, hackers have helped the MoD find and fix vulnerabilities before adversaries can detect and exploit them.”

Hacker One     |     Kahootz

You Might Also Read: 

Ethical Hackers Have Earned  $100m:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Deepfake 'Face Swap' Attacks Trending
Will Generative-AI Take Female Jobs? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TrustedIA

TrustedIA

TrustedIA is a cyber and protective security company. Our mission is to help businesses protect themselves from disruptive events that can impact their successful operation.

Cloud Credential Council (CCC)

Cloud Credential Council (CCC)

The CCC is a leading provider of vendor-neutral certification programs that empower IT and business professionals in their digital transformation journey.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

SentryBay

SentryBay

SentryBay is the global leader in preventative endpoint isolation protection. We protect remote, BYOD and corporate endpoints so they can safely and securely connect with your corporate network.

Enosys Solutions

Enosys Solutions

Enosys Solutions is an IT security specialist with a skilled professional services team and 24x7 security operations centre servicing corporate and public sector organisations across Australia.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

CCX Technologies

CCX Technologies

CCX Technologies design and develop a wide range of cybersecurity and testing solutions for the aviation, and military and government markets.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.

DV Cyber Security

DV Cyber Security

DV Cyber (formerly A76) is an innovative cyber security company vertically focused on Threat Intelligence and Cyber Security Research.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.