News, 10.9.2021

Ministry for Foreign Affairs crowdsources part of its information security to hackers

The Ministry for Foreign Affairs will launch a crowdsourced information security testing for some of its public online services on 22 September 2021. The so-called bug bounty program will be implemented in cooperation with Hackrfi, a company specialising in bug bounty program management. In the program, security researchers and hackers examine and scan vulnerabilities in selected targets, working subject to a set of clear boundaries. Participating hackers will be paid rewards based on eligible vulnerability reports.

Diagram with text. Title: Locating Security Vulnerabilities. First step: Testing in the development phase: Deficiencies are rectified as part of the system development process. This is followed by two options: A regular or recurring method with an audit list or vulnerability-based audit or vulnerability scan. In addition to the regular method, an alternative is the bug bounty method: a community and unsystematic vulnerability search, in which a bounty hunter is promised a sum of money commensurate with stability from a security vulnerability that he or she detects and reports.

The Ministry for Foreign Affairs piloted the program between December 2019 and May 2020. Hackers filed more than 100 vulnerability reports, of which 32 were rewarded. The Ministry for Foreign Affairs has decided to make the program a permanent part of the implementation of its information security. The targets selected for the program will vary as the program develops.

“The Foreign Ministry’s online services are examined, whether we want it or not. We are aware that outsiders are constantly showing interest in us, and all of them do not necessarily have good intentions. The program aims to bring to our knowledge and to rectify vulnerabilities that would otherwise remain unnoticed,” says Matti Parviainen, Director for Information Security at the Ministry for Foreign Affairs.

The primary targets of testing will be our online services, which are available to everyone directly on the internet. In our services, not only confidentiality but also the availability and integrity of information are emphasised. One of the targets of testing is the matkustusilmoitus.fi (Link to another website.) service, which is one of the most important tools for us to get information about and reach Finnish citizens in crisis areas.

Successful crowdsourced testing of information security at the Ministry for Foreign Affairs – bug bounty program to permanent use (Press release 2.10.2020)

Foreign policy and security policy

International organisations and partnerships

North Atlantic Treaty Organisation

Partnerships

Defence Cooperation Agreement with the United States (DCA)

National Security Authority

Foreign policy planning and research

Development policy and development cooperation

Goals and principles of Finland’s development policy

Rights and status of women and girls

Agenda 2030 – Sustainable Development Goals

Development cooperation appropriations

Bilateral partner countries

Afghanistan

Ukraine

Partners of Finland's development policy

Regional development cooperation

Monitoring, oversight and risk management

International trade and services for companies

Common Trade Policy of the EU

Team Finland activities at the Foreign Ministry

Promotion of export and internationalisation

Services and guidelines for export control

Regional and thematic cooperation

Climate Smart Foreign Policy

Human rights policy

Finland in the UN Human Rights Council 2022–2024

Nordic cooperation

Arctic and Antarctic cooperation

ATCM45

About the Meeting

About Finland

Information for Delegates

Barents cooperation

The Finnish Presidency of the Barents Euro-Arctic Council 2021-2023

Presidency 2021-2023

Finland's Africa strategy

Country image

EU

The new relationship between the EU and the UK (Brexit)

Legal affairs

International treaties

Services and guidelines related to sanctions

Human rights complaints

Publications

Russian invasion of Ukraine

Entering Finland

Visa representation agreements

Before travelling abroad

In distress abroad

Services of Finnish missions

Finnish passport and identity card

Remember to update your personal data

Frequently Asked Questions

FAQ: Travelling and Covid-19

Guidelines and financial support related to development cooperation

Development Cooperation support for Finnish CSOs

Opportunities in development cooperation for the private sector

EU projects to develop public administration – Twinning and TAIEX

Organisation

Archives and information requests

Diplomatic Portal

Foreign missions in Finland ─ Helsinki Diplomatic List

Tax Exemption Forms for Missions

Data protection

Your data protection rights

Media Service

Projects and legislative drafting

Permanent State Secretary

Political Department

Department for International Trade

Department for Development Policy

Department for Europe

Department for Russia, Eastern Europe and Central Asia

Department for the Americas and Asia

Department for Africa and the Middle East

Department for Communications

Legal Service

Consular Services

Administrative Services