Why It Matters

'Hack Mindef' a bold first step

The "Hack Mindef" initiative announced this week is a novel and bold approach to improve cyber security.

Under the initiative - the Government's first crowdsourced hacking programme - around 300 registered international and local hackers will be invited to hunt for vulnerabilities in eight of Mindef's Internet-connected systems. These include the Mindef website, the NS Portal and the LearNet 2 Portal, a learning resource for trainees.

The hackers can earn between $150 and $20,000 for each valid and unique bug found during the Mindef Bug Bounty Programme from Jan 15 to Feb 4.

Such initiatives are not new; they are used effectively by tech giants such as Facebook, Apple and Microsoft to complement their existing cyber security programmes.

By being the first in the Government to embark on such a programme, Mindef is laying down the gauntlet for other ministries and agencies to try similar measures, given that data breaches are becoming increasingly common.

Mindef itself was hit earlier this year when it found that hackers had stolen the NRIC numbers, telephone numbers and birth dates of 854 personnel.

In April, it was discovered that hackers had broken into the networks of the National University of Singapore and Nanyang Technological University, presumably to steal government-related data.

So it is encouraging that some of Singapore's 11 critical information infrastructure sectors are already considering such programmes, said the Cyber Security Agency.

From a defence perspective, the move is also significant as cyberspace is emerging as the next battlefield, Mindef defence cyber chief David Koh said on Tuesday. He added that crowdsourced testing offers a diversity of skill sets, and is cheaper than hiring a dedicated vulnerabilities assessment team.

While such a programme is not without its risks, by taking the first step, Mindef will hopefully pave the way for more agencies to do the same, fixing flaws before malicious actors can exploit sensitive and personal information.

A version of this article appeared in the print edition of The Straits Times on December 16, 2017, with the headline ''Hack Mindef' a bold first step'. Print Edition | Subscribe