For the first time, the Ministry of Defence has paid bounties to white hat hackers for discovering vulnerabilities in its computer networks in collaboration with US based organisation HackerOne.
The Ministry of Defence say that the 30-day challenge aimed to identify and fix vulnerabilities in cyber systems to strengthen security and to ensure better resilience.
“Bug Bounty programmes provide safe environments for experts to identify areas where security can be improved. The identification of real vulnerabilities by ethical hackers is rewarded and Defence cyber teams are working with the ethical hacking community whose expertise has been extremely valuable in finding and remediating vulnerabilities – ensuring better security across Defence’s networks and 750,000 devices.”
Minister for the Armed Forces James Heappey said:
“Bug bounty is an exciting new capability for the Ministry of Defence. Our cyber teams are collaborating with the ethical hacking community to identify and fix vulnerabilities in our systems, ensuring we’re more resilient and better protected. This work will contribute to better cyber and information security for the UK.”
Christine Maxwell, Ministry of Defence Chief Information Security Officer said:
“The Ministry of Defence has embraced a strategy of securing by design, with transparency being integral for identifying areas for improvement in the development process. It is important for us to continue to push the boundaries with our digital and cyber development to attract personnel with skills, energy and commitment. Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.”