Story image

Singapore MINDEF opens doors to white hat hackers

14 Dec 17

The Singapore Ministry of Defence (MINDEF) cyber chief David Koh is asking budding security experts to hack MINDEF systems – all with the aim of improving defences against the malicious hackers.

Koh, who is also chief of the Cyber Security Agency of Singapore (CSA), announced the MINDEF Bug Bounty Programme this week. The announcement comes off the back of his visit to the Cyber Defence Test and Evaluation Centre (CyTEC) on Tuesday.

The MINDEF Bug Bounty Programme is the first initiative for any Singapore Government agency.

Bug bounty firm HackerOne will run the programme between January 15 and February 4 2018.

The programme will bring a select number of white hat hackers from around the globe who will test major MINDEF internet-facing systems for vulnerabilities and receive rewards for doing so.

The rewards could range from S$150 up to S$20,000 dependent on the number and quality of vulnerabilities discovered.

“The total amount paid out in rewards is dependent on the number and quality of the vulnerabilities discovered, and is expected to cost significantly less than hiring a dedicated commercial cybersecurity vulnerability assessment team,” MINDEF says.

The eight MINDEF systems are as follows:

  • MINDEF Website (Ministry of Defence website)
  • NS Portal (e-Services for NSFs and NSmen)
  • CMPB Website (Central Manpower Base website)
  • DSTA Website (Defence Science and Technology Agency website)
  • eHealth (Portal for MINDEF/SAF personnel for medical purposes)
  • Defence Mail (MINDEF/SAF Internet email service and I-Net)
  • LearNet 2 Portal (Learning resource portal for trainees)
  • myOASIS Portal (NSmen administration portal)

Koh says the crowdsourcing method is an innovative way of emphasising the importance of Singapore’s cyber defences and the need for improvement.

"This is the first time that MINDEF is launching such a bold programme. White hat hackers participating in this programme will be given the mandate to 'hack' MINDEF, to find bugs in our major Internet-facing systems… For each valid and unique bug that the hacker finds, he will receive a bounty,” he says.

According to MINDEF, the agency is an attractive target for malicious cybersecurity. Koh adds that it is not possible to fully secure modern computer systems, particularly as new vulnerabilities are discovered every day.

The crowdsourcing approach is both effective and fast, just as the cyber landscape is changing fast, Koh says.

HackerOne has conducted similar bug bounty programmes in the past for the United States Department of Defense, Intel and Twitter.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.