In a first for a Singapore Government agency, selected ‘white hat’ hackers from around the world will test major Ministry of Defence (MINDEF)’s Internet-facing systems for vulnerabilities (or "bugs"), and will receive rewards (or "bounties") for doing so.
The MINDEF's Defence Cyber Chief, Mr David Koh, announced the MINDEF Bug Bounty Programme on the sidelines of his visit to the Cyber Defence Test and Evaluation Centre (CyTEC) on Tuesday.
Singapore is constantly exposed to the increasing risk of cyberattacks, and MINDEF is an attractive target for malicious cyber activity. As hackers with malicious intent find new methods to breach networks, MINDEF must constantly evolve and improve its defences against cyber threats, an official statement said.
Emphasizing the importance of strengthening Singapore's cyber defences amidst this changing landscape, Mr Koh said that the programme, utilising crowdsourcing, is one such innovative and effective way of doing so.
He said, "This is the first time that MINDEF is launching such a bold programme. White hat hackers participating in this programme will be given the mandate to 'hack' MINDEF, to find bugs in our major Internet-facing systems. For each valid and unique bug that the hacker finds, he will receive a bounty."
On the need for such a programme, Mr Koh said that it is not possible to fully secure modern computer software systems, and new vulnerabilities are discovered every day. He added that due to the fast changing cyber landscape, no agency can keep up by itself. Hence, even large companies use this crowdsourcing approach, which is effective and fast.
MINDEF has engaged HackerOne, a reputable international bug bounty company, to run the programme. The programme will be conducted from 15 January to 4 February 2018, involving eight selected Internet-facing systems.