Why the military's working with hackers


Twenty-six ethical hackers took on a 30-day challenge aimed at identifying, fixing and strengthening cyber security at the Ministry of Defence (MOD).

In a first for the MOD, the hackers took part in a Bug Bounty programme, collaborating with US-based HackerOne.

Bug Bounty programmes provide a safe environment for experts to identify areas where security can be improved.

Marten Mickos is CEO of HackerOne, an organisation that has worked with companies including Google, the US Department of Defense and Microsoft to help secure their cyber systems.

He said governments around the world are "waking up to the fact that they can't secure their immense digital environments with traditional security tools any more".

He added that the US made it mandatory this year for their federal agencies to formalise a process to "accept vulnerabilities from third parties" – which he said is "widely considered best practice globally".

"The UK MOD is leading the way in the UK Government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example," he added.

Watch: Cyber experts 'urgently' needed by UK defence in AI battle.

According to the MOD, the work defence has done with ethical hackers has been "extremely valuable"  in both finding and solving vulnerabilities and "ensuring better security across defence's networks and 750,000 devices".

Christine Maxwell, MOD Chief Information Security Office, said it is important the department continues "to push the boundaries with [their] digital and cyber development to attract personnel".

"The Ministry of Defence has embraced a strategy of securing by design, with transparency being integral for identifying areas for improvement in the development process," she said.

"Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets."

Last month, the UK and the US revealed details of "brute force" cyber methods used by Russia to target the cloud services of hundreds of government agencies, energy companies and other organisations.

In April, the Commander of Strategic Command told the BFBS Sitrep podcast the UK's National Cyber Force (NCF) was taking offensive actions "every day" to defend British Military assets.

Cover image: MOD cyber keyboard (Picture: MOD).

Related topics

Join Our Newsletter


Ukraine's way of operating military equipment 'a step ahead' of UK

UK Armed Forces Men v Irish Defence Forces Men LIVE – Forces football

UKAF women score five to beat Irish Defence Forces