Singapore holds hacker ‘bug bounty’

HackerOne, a security platform run by “white hat” or ethical hackers, says it will work with the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA) to protect the city-state’s data.

Cyber attacks have grown in scale and complexity, leading the Lion City to look for new ways to build security.

Discovered “bugs” will be reported to state-run organisations for action.

Singapore’s Ministry of Defence ran a similar bug-bounty programme with San Francisco-based HackerOne last December.

The exercise saw the ministry pay out US$14,750 in bounties to 17 successful hackers who took part. The highest single reward was purportedly US$2,000.

The new programme will offer a cash reward for reporting vulnerabilities to GovTech.
Rewards for loopholes could range from US$250 to US$10,000 depending on the severity, the authorities said.

Singapore is on a cybersecurity alert following a high-profile attack this year which saw the data about more than 1.5 million patients of health-care provider SingHealth, including Prime Minister Lee Hsien Loong, leaked by hackers.

Bug bounties are widely viewed as an industry best practice with the challenge run into next month and covering five government systems and websites.

The targets are gov.sg, the Reach website, Ministry of Communications and Information’s Press Accreditation Card Online, the Ministry of Foreign Affairs website and MFA’s eRegister.
Findings will be shared in March and another bug bounty would probably be held for other government IT systems in the future, the authorities added.

GovTech said it “aims to build a shared sense of collective ownership over the cybersecurity of government systems and websites, which is vital to achieve the country’s Smart Nation goals”.

The US Department of Defence and the European Commission, the EU’s executive branch, have reportedly employed HackerOne to find vulnerabilities that could be exploited by criminals. Lufthansa, Google Play, Nintendo, General Motors, Intel and Starbucks have also used the firm’s service.

“Singapore is again setting an example for the rest of the world to follow by taking decisive steps towards securing their vital digital assets,” said Marten Mickos, chief executive of HackerOne.

“Only governments that take cybersecurity seriously can reduce their risk of breach and interruption of digital systems. Singapore’s continued commitment to collaboration in cybersecurity is something that will help propel the industry’s progress just as much as it will contribute to protecting Singapore citizen and resident data.”

 

Technologically dependent Singapore is susceptible to hacking. Picture credit: PXHere