GovTech, CSA and 'ethical hackers' to uncover weaknesses in public systems, websites

GovTech and CSA will be partnering HackerOne, the world's largest community of cyber security researchers and white hat hackers, for the programme.
GovTech and CSA will be partnering HackerOne, the world's largest community of cyber security researchers and white hat hackers, for the programme.PHOTO: REUTERS

SINGAPORE - The Government Technology Agency (GovTech) and Cyber Security Agency (CSA) of Singapore on Friday (Dec 21) said they will partner local and overseas hackers on a programme where "white hat" hackers, or ethical hackers, will be invited to uncover vulnerabilities in ICT (infocomm technology) systems, and receive monetary rewards in return.

Under this Government Bug Bounty Programme (GBBP), which will run from December 2018 to January 2019, rewards can range from US$250 to US$10,000 depending on the severity of the "bug" discovered by these registered, authorised hackers. Discovered "bugs" will be reported to the organisation for remediation.

The programme will run over a period of three weeks, and involves five selected Internet-facing government systems and websites with high user touch points:

  • gov.sg website,
  • REACH website
  • Ministry of Communications & Information's Press Accreditation Card (PAC) Online,
  • Ministry of Foreign Affairs (MFA) website, and
  • MFA eRegister.

GovTech and CSA will be partnering HackerOne, the world's largest community of cyber security researchers and white hat hackers, for the programme.

 

This is part of the Singapore government's efforts to build a secure "Smart Nation" - by drawing in expertise to help identify the government's cyber blind spots, and to benchmark its defences against skilled global hackers.

Key findings from the programme will be shared in March 2019. The programme will then also be expanded to include more government ICT systems and websites in future, they said.