sb-as logo
Story image

Singapore MINDEF opens doors to white hat hackers

14 Dec 2017

The Singapore Ministry of Defence (MINDEF) cyber chief David Koh is asking budding security experts to hack MINDEF systems – all with the aim of improving defences against the malicious hackers.

Koh, who is also chief of the Cyber Security Agency of Singapore (CSA), announced the MINDEF Bug Bounty Programme this week. The announcement comes off the back of his visit to the Cyber Defence Test and Evaluation Centre (CyTEC) on Tuesday.

The MINDEF Bug Bounty Programme is the first initiative for any Singapore Government agency.

Bug bounty firm HackerOne will run the programme between January 15 and February 4 2018.

The programme will bring a select number of white hat hackers from around the globe who will test major MINDEF internet-facing systems for vulnerabilities and receive rewards for doing so.

The rewards could range from S$150 up to S$20,000 dependent on the number and quality of vulnerabilities discovered.

“The total amount paid out in rewards is dependent on the number and quality of the vulnerabilities discovered, and is expected to cost significantly less than hiring a dedicated commercial cybersecurity vulnerability assessment team,” MINDEF says.

The eight MINDEF systems are as follows:

  • MINDEF Website (Ministry of Defence website)
  • NS Portal (e-Services for NSFs and NSmen)
  • CMPB Website (Central Manpower Base website)
  • DSTA Website (Defence Science and Technology Agency website)
  • eHealth (Portal for MINDEF/SAF personnel for medical purposes)
  • Defence Mail (MINDEF/SAF Internet email service and I-Net)
  • LearNet 2 Portal (Learning resource portal for trainees)
  • myOASIS Portal (NSmen administration portal)

Koh says the crowdsourcing method is an innovative way of emphasising the importance of Singapore’s cyber defences and the need for improvement.

"This is the first time that MINDEF is launching such a bold programme. White hat hackers participating in this programme will be given the mandate to 'hack' MINDEF, to find bugs in our major Internet-facing systems… For each valid and unique bug that the hacker finds, he will receive a bounty,” he says.

According to MINDEF, the agency is an attractive target for malicious cybersecurity. Koh adds that it is not possible to fully secure modern computer systems, particularly as new vulnerabilities are discovered every day.

The crowdsourcing approach is both effective and fast, just as the cyber landscape is changing fast, Koh says.

HackerOne has conducted similar bug bounty programmes in the past for the United States Department of Defense, Intel and Twitter.

Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
CrowdStrike acquires Preempt Security for $96m, develops zero trust security offerings
With this acquisition, the company plans to offer customers enhanced Zero Trust security capabilities and strengthen the CrowdStrike Falcon platform with conditional access technology. More
Download image
Equinix study: Firms turn to NFV to support distributed networks
Decision-makers looking for a solution that virtualises a wide range of network functions should evaluate NFV, study finds.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More