Hackers have been paid by the Ministry of Defence (MoD) to search their computer systems for vulnerabilities before they can be exploited by real cyber threats.
The department’s first bug bounty program saw 26 so-called “ethical hackers” invited to go under the bonnet of its networks for 30 days, in a bid to get ahead of bad actors and improve national security.
Bug bounty programs offer people a financial reward in exchange for reporting technical flaws.
It is a non-traditional approach for the MoD but common practice among the technology industry and has already been adopted by the US Department of Defence to great success.
The program is led by HackerOne, which carries out background checks on its community of hackers.
Christine Maxwell, the MoD’s chief information security officer, said the move was an “essential step in reducing cyber risk and improving resilience”.
“Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets,” she explained.
One participant, Trevor Shingles, said he was able to alert the MoD to a flaw he uncovered which would have allowed a bad actor to modify permissions and gain access.
“It’s been proven that a closed and secretive approach to security doesn’t work well,” he said.
“For the MoD to be as open as it has with providing authorised access to their systems is a real testament that they are embracing all the tools at their disposal to really harden and secure their applications.
“This is a great example to set for not only the UK, but for other countries to benchmark their own security practices against.”