MoD pays ‘ethical hackers’ to find flaws in bid to avoid cyber attacks

·2-min read
Officials have embraced a non-traditional approach to protect national digital assets against bad actors (Yui Mok/PA) (PA Wire)
Officials have embraced a non-traditional approach to protect national digital assets against bad actors (Yui Mok/PA) (PA Wire)

Hackers have been paid by the Ministry of Defence (MoD) to search their computer systems for vulnerabilities before they can be exploited by real cyber threats.

The department’s first bug bounty program saw 26 so-called “ethical hackers” invited to go under the bonnet of its networks for 30 days, in a bid to get ahead of bad actors and improve national security.

Bug bounty programs offer people a financial reward in exchange for reporting technical flaws.

It is a non-traditional approach for the MoD but common practice among the technology industry and has already been adopted by the US Department of Defence to great success.

To view this content, you'll need to update your privacy settings.
Please click here to do so.

The program is led by HackerOne, which carries out background checks on its community of hackers.

Christine Maxwell, the MoD’s chief information security officer, said the move was an “essential step in reducing cyber risk and improving resilience”.

“Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets,” she explained.

One participant, Trevor Shingles, said he was able to alert the MoD to a flaw he uncovered which would have allowed a bad actor to modify permissions and gain access.

“It’s been proven that a closed and secretive approach to security doesn’t work well,” he said.

“For the MoD to be as open as it has with providing authorised access to their systems is a real testament that they are embracing all the tools at their disposal to really harden and secure their applications.

“This is a great example to set for not only the UK, but for other countries to benchmark their own security practices against.”

Read More

Nato and EU condemn attack on Mercer Street tanker

Legal battle over decision to reinstate senior police officer despite conviction

Sales rebound at New Look after restructuring

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting