A 30-day bug bounty programme saw hackers reveal weaknesses in the MoD’s digital security, specifically, its internal web apps. This information can now be used to get ahead of those who attempt to breach online systems, known as ‘bad actors’.
The ‘ethical hacking’ scheme has been developed over a number of years, now coming to fruition as the MoD gets its processes in order.
HackerOne, the company that carried out the background checks on the participants, led the programme and are specialists in bug bounty competitions.
The scheme could be considered unusual for security departments, but has become commonplace in the technology industry.
Marten Mickos, the chief executive of HackerOne, said that global governments are becoming aware that “traditional tools” can no longer effectively secure their online material.
The ministry’s chief information security officer, Christine Maxwell, weighed in by saying the security test was an example of the MoD’s “willingness to pursue innovative and non-traditional approaches” to keeping its networks secure.
Maxwell points out, “Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets.”
Trevor Shingles, a participant, alerted the MoD to a flaw that would allow ‘bad actors’ to modify permissions and gain access to restricted material.
Shingles said, “For the MoD to be as open as it has with providing authorised access to their systems is a real testament that they are embracing all the tools at their disposal to really harden and secure their applications.
“This is a great example to set, not only for the UK, but for other countries to benchmark their own security practices against.”
Bug bounty programmes offer hackers, also known as security researchers, a financial reward for reporting flaws in digital defences so they can be patched.
The US Department of Defense has previously utilised this strategy and has seen great success at improving their computer-based security systems.
The MoD now leads the way in the UK government’s security tactics.
It is hoped that this technique is adopted by other governing bodies across the globe as a way to improve secure information storage and communications.