Come and hack us, says Singapore Defence Ministry
Security experts will be brought in to test soft spots and find bugs in the city state's systems
The Singapore Defence Ministry has thrown down the gauntlet to hackers in a bid to identify bugs and soft spots in their online systems – an approach normally used by big business.
David Koh, the Ministry of Defence’s cyber chief, announced the “Bug Bounty Program” during a trip to the city state’s Cyber Defence Test and Evaluation Centre this week.
It is the first time the Singapore government agency has challenged computer security specialists to break into protected systems and networks. Those successful will be receive cash rewards.
“The ministry is launching a bold program,” Koh said. “White hackers participating in this program will be given the mandate to ‘hack’ us, to find bugs in our major internet-facing systems. For each valid and unique bug that the hacker finds, he will receive a bounty.”
The ministry has engaged San Francisco-based HackerOne, a reputable international bug bounty company, to run the program.
It will take place between Jan 15 to Feb 4 and involve eight selected internet-facing systems used by the ministry.
“Cyber is a new battlefront,” the ministry said in a statement. “Singapore is constantly exposed to the increasing risk of cyberattacks and the ministry is an attractive target for malicious cyber activity.
“As hackers find new methods to breach networks, the ministry must constantly evolve and improve its defenses against cyber threats,” the ministry added.
The HackerOne platform is used by major companies, including Twitter, Adobe, Yahoo, Lufthansa, Snapchat, Qualcomm, General Motors, Shopify andUber.
Its network consists of approximately 100,000 hackers, who have accumulated ‘bounties’ worth US$14 million.
The tactic of inviting white hackers is part of a broader crowdsourcing strategy to strengthen Singapore’s cyber defenses amid a changing online landscape.
Earlier this year, the United States government launched “Hack the Pentagon”, using the HackerOne platform.
The 24-day program revealed 138 soft spots in Department of Defense websites. More than US$70,000 in bounties were paid to the white hat hackers.