Mindef inviting 300 hackers to test Internet-facing systems
The Ministry of Defence (Mindef) will be inviting some 300 “white hat” hackers to test its major Internet-facing systems for weaknesses early next year.
Called the Mindef Bug Bounty Programme, it will run from 15 January to 4 February 2018 and offer cash “bounties” to participants with the amounts depending on the number and quality of vulnerabilities each one discovers.
The programme, a first of its kind for a Singapore government agency, is expected to be “cost significantly less” than hiring a dedicated commercial cybersecurity vulnerability assessment team, said Mindef in a media statement on Tuesday (12 December).
On the need to conduct such a programme, Mindef Defence Cyber chief David Koh said it not possible to fully secure modern computer systems and that new vulnerabilities are discovered every day. He added that no agency can keep up by itself in today’s fast-changing cybersecurity landscape, hence the need to take a crowdsourcing approach.
Facilitated by international bug bounty firm HackerOne, which has worked with organisations such as the US Department of Defence, Twitter and Intel, the new programme will involve “white hat” hackers from around the world. These are computer security specialists who break into systems to test and assess their security before malicious “black hat” hackers can get to them.
Based on previous programmes run by HackerOne, the cash prizes for successful hackers could range from $150 to $20,000.
Eight Mindef systems will be tested during the course of the programme. These include the Mindef’s website, its public Internet e-mail service, NS Portal and CMPB website.
More Singapore stories:
