GovTech, CSA to partner 'ethical hackers' to uncover weaknesses in public systems, websites

THE Government Technology Agency (GovTech) and Cyber Security Agency (CSA) of Singapore on Friday said they will partner local and overseas hackers on a programme where "white hat" hackers, or ethical hackers, will be invited to uncover vulnerabilities in ICT (infocomm technology) systems, and receive monetary rewards in return.

Under this Government Bug Bounty Programme (GBBP), which will run from December 2018 to January 2019, rewards can range from US$250 to US$10,000 depending on the severity of the "bug" discovered by these registered, authorised hackers. Discovered "bugs" will be reported to the organisation for remediation.

The programme will run over a period of three weeks, and involves five selected Internet-facing government systems and websites with high user touch points:

GovTech and CSA will be partnering HackerOne, the world's largest community of cybersecurity researchers and white hat hackers, for the programme.

This is part of the Singapore government's efforts to build a secure "Smart Nation" - by drawing in expertise to help identify the government's cyber blind spots, and to benchmark its defences against skilled global hackers.

Key findings from the programme will be shared in March 2019. The programme will then also be expanded to include more government ICT systems and websites in future, they said.