GovTech partners with hackers to uncover weakness, avoid getting hacked

644

A joint press release by the Government Technology Agency of Singapore (GovTech) and Cyber Security Agency of Singapore (CSA) reveal the government’s collaboration with local and overseas ethical hackers to search for vulnerabilities in SG’s IT systems for a fee. This strengthened partnership with the cyber-security industry is a fraction of the Singapore government’s continuing effort and dedication to build a safe and flexible Smart Nation community by gathering capabilities that could identify the government’s cyber blind spots, and to level its defenses against skillful international hackers.

The said government bug bounty initiative is a response to the increasing cyber attacks growing in scale and complexity and aims to safeguard Singapore nationals and secure public-facing government systems.

The tactical bug bounty program will run over a period of three weeks, from December 2018 to January 2019 and will entail the participation and contributions of five chosen internet-facing government systems and websites, namely, gov.sg website, REACH website, Ministry of Communications & Information’s Press Accreditation Card (PAC) Online, Ministry of Foreign Affairs (MFA) website, and MFA eRegister.

Appointed prime collaborator in this initiative is HackerOne, the leading hacker-powered security platform, it has the largest credentialed international hacker community and has proven its capabilities with previous MINDEF undertakings.

According to HackerOne CEO Marten Mickos, “Singapore is again setting an example for the rest of the world to follow by taking decisive steps towards securing their vital digital assets.”… Only governments that take cybersecurity seriously can reduce their risk of breach and interruption of digital systems. Singapore’s continued commitment to collaboration in cybersecurity is something that will help propel the industry’s progress just as much as it will contribute to protecting Singapore citizen and resident data.”

The rewards for vulnerabilities found range from US$250 to US$10,000 depending on the severity and reported bugs discovered will be dealt with by the relevant organization.

The Singapore Police Force (SPF) reported 5,430 cybercrime cases in 2017 alone,. Between 2016 and 2017, cybercrime cases grew from 15.6% to 16.6% of total crimes, even as overall crime fell. Among these cases are online cheating, compromised social media and SingPass accounts, impersonation scams, ransomware and unauthorized access. Singapore’s first conviction of a Dark Web-related crime took place in November 2017.