The Ministry of Defence (MoD) has run a Bug Bounty programme in which a group of ethical cyber hackers have identified vulnerabilities in its cyber defences.
It said it plans to make further use of the approach, in which its cyber teams collaborated with 26 hackers and the US based organisation HackerOne over 30 days to find and fix the weak spots.
The move is part of a wider plan to collaborate with partners to strengthen national security.
Christine Maxwell, MoD chief information security officer, said: “The Ministry of Defence has embraced a strategy of securing by design, with transparency being integral for identifying areas for improvement in the development process.
“It is important for us to continue to push the boundaries with our digital and cyber development to attract personnel with skills, energy and commitment. Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets.
“Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.”
Need for new tools
Marten Mickos, CEO of HackerOne, said: “Governments worldwide are waking up to the fact that they can’t secure their immense digital environments with traditional security tools anymore.
“Having a formalised process to accept vulnerabilities from third parties is widely considered best practice globally, with the US government making it mandatory for their federal civilian agencies this year. The UK MoD is leading the way in the UK Government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example.”
Image from iStock, stuartmiles99