09 August 2021

The Ministry of Defence (MoD) has concluded it’s first-ever bug bounty challenge with security platform HackerOne, as part of a commitment to develop a culture of collaboration around cyber security.

Bug bounty programmes, whereby hackers report real-world security vulnerabilities to affected organisations in return for cash compensation, are used throughout the industry to incentivise security research and identifying any issues before adversaries have a chance to exploit them.

During the 30-day challenge, the MoD invited hackers to investigate vulnerabilities in its digital assets by giving them direct access to its internal systems, which was done with the aim of helping the government depart secure and defend them from cyberattacks.

The challenge follows the UK government’s publication of its integrated review of security, defence, development and foreign policy from March, in which it highlighted the need for greater capacity and resilience to deal with cyber threats, especially against critical national infrastructure (CNI).

“The MoD has embraced a strategy of securing by design, with transparency being integral for identifying areas for improvement in the development process,” said Christine Maxwell, chief information security officer (CISO) at the MoD. “It is important for us to continue to push the boundaries with our digital and cyber development to attract personnel with skills, energy and commitment. Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets.

The MoD said the challenge with HackerOne is part of an organisation-wide commitment to build up a culture of transparency and openness.