The British Military Works With Ethical Hackers

The UK’s Ministry of Defence (MoD) has announced a significant expansion of its defensive security initiative with HackerOne, the global leader in hacker-powered security. The original scope of the three-year-old program included vulnerability disclosure and bug bounty programs that leveraged the creativity and expertise of ethical hackers to secure the MOD’s digital assets.  

The MOD’s program was originally launched in 2021. In this time the MoD has worked alongside and built strong relationships with over 100 researchers drawn from the ethical hacking community.

The ethical hackers have, in turn, identified and helped fix vulnerabilities in the MOD’s computer systems, further enhancing the security of its systems and cementing the MOD’s position as a cyber security leader. “The decision to partner with HackerOne and leverage its community of ethical hackers was part of an organisation-wide commitment to building a culture of transparency and collaboration to improve national security.... Our hacker partners are helping us to identify areas where we need to strengthen our defences and protect our critical digital assets from malicious threats.” an MoD spokesman said.

Following the successful initial program, the MoD has now broadened the scope of the vulnerability disclosure program (VDP) to include a number of its key suppliers.

The objective is to encourage best practices throughout the MOD’s supply chain and ultimately motivate them to implement their own VDP. The long-term goal is for all firms that partner with the MOD to run their own VDP. “Working with the ethical hacking community allows us to bring more diverse perspectives to protect and defend our assets.” according the MoD CISO, Christine Maxwell.

“Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience” she said

Cloud software-as-a-service collaboration platform provider, Kahootz, is an initial adopter of MOD’s supplier VDP program. Kahootz provides the secure cloud collaboration service MOD uses to work collaboratively and share information protectively. “Kahootz VDP demonstrates our proactive commitment to promptly identifying and addressing potential security weaknesses to maintain the highest security standards for users,” said Peter Jackson, CEO of Kahootz.

“The VDP has enabled us to identify and address vulnerabilities before they can be exploited maliciously. Our collaboration with the UK Ministry of Defence (MOD) and HackerOne has facilitated knowledge sharing and best practices in cybersecurity, contributing to continuous improvement and increased confidence from our clients."

The expanded scope of the program also included a first-of-type in-person bug bounty challenge at the MoD’s Defence Academy. The Academy provides advanced education and training to military personnel, civil servants, and individuals from various international partners.

Fifteen carefully selected professionals, all of whom are top-performing hackers, participated in the challenge to assess and enhance the Defence Academy’s security posture. The hackers concentrated on breaking down barriers, challenging norms, and demonstrating their skills and lateral thinking against a wide attack surface of both internet and non-Internet-facing systems.

Along with uncovering and advising on the remediation of vulnerabilities, the event also provided a great deal of assurance on existing security measures through the use of storyboard reports that detailed the approaches and vectors the hackers tried, which were ultimately unsuccessful due to the defensive measures in place.

It is hoped that the MOD's work with the ethical hacking community will provide benefits beyond the remediation of vulnerabilities and enable it to explore new security approaches and change the established cyber security culture inside the MOD.

The , CEO of HackerOne, Marten Mickos commented “The MoD has enlisted the help of the most formidable defenders, ethical hackers - to solve security problems and outsmart threat actors. From the vulnerability disclosure program to the live bug bounty challenge, hackers have helped the MoD find and fix vulnerabilities before adversaries can detect and exploit them.”

Hacker One     |     Kahootz

You Might Also Read: 

Ethical Hackers Have Earned  $100m:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Deepfake 'Face Swap' Attacks Trending
Will Generative-AI Take Female Jobs? »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

Spanish National Cybersecurity Institute (INCIBE)

Spanish National Cybersecurity Institute (INCIBE)

INCIBE undertakes research, service delivery and coordination for building cybersecurity at the national and international levels.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

National Cyber Security Centre (NCSC) - Switzerland

National Cyber Security Centre (NCSC) - Switzerland

The National Cyber Security Centre is Swizerland's competence centre for cybersecurity and the first contact point for businesses, public administrations, and the public for cyber issues.

FFRI Security

FFRI Security

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Cycurion

Cycurion

Cycurion is a global leading provider of Network Communications and Information Technology Security Solutions.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

American Binary

American Binary

American Binary is a Quantum Safe Networking (TM) and post-quantum encryption company.

QANplatform

QANplatform

QANplatform is a Quantum-resistant hybrid blockchain platform.

Invisily

Invisily

Invisily makes enterprise and cloud computing resources invisible to attackers with zero trust solutions, making them visible only when needed to only those who need them.

Command Zero

Command Zero

Command Zero is the industry’s first autonomous and AI-assisted cyber investigations platform, built to transform security operations in complex enterprise environments.