HACKERS BOOST MINDEF CYBER DEFENCES

21feb18_news-1 https://www.defencepioneer.sg/images/default-source/_migrated_english/21feb18_news-1.jpg?sfvrsn=5090e0f9_2 https://www.defencepioneer.sg/pioneer-articles/HACKERS-BOOST-MINDEF-CYBER-DEFENCES
https://www.defencepioneer.sg/pioneer-articles/HACKERS-BOOST-MINDEF-CYBER-DEFENCES
HACKERS BOOST MINDEF CYBER DEFENCES
21 Feb 2018 | TECHNOLOGY

HACKERS BOOST MINDEF CYBER DEFENCES

// STORY Thrina Tham
// PHOTOS Tan Yong Quan

A total of 35 vulnerabilities, or bugs, were uncovered across eight of its major Internet-facing systems, with a total bounty payout of US$14,750 (S$19,500).

"Hackers are very innovative, so MINDEF has to be equally innovative in defending our systems. That's why we ran the Bug Bounty Programme," said Defence Cyber Chief David Koh, who announced programme's results on 21 Feb.

"The programme has met our intended objectives and allowed MINDEF to find previously unidentified vulnerabilities quickly and effectively, and consequently strengthen our defence systems," he added.

The three-week programme saw 264 white hat hackers invited to look for security flaws in MINDEF's systems including the MINDEF, Central Manpower Base, and Defence Science and Technology Agency websites, as well as NS Portal.

These ethical hackers are from around the world, hailing from countries such as India, Romania, Russia, Sweden and the United States. They also included 100 hackers from the local white hat community in Singapore.

Held from 15 Jan to 4 Feb, the programme saw the first vulnerability report submitted 83 minutes after its launch. At the end of the three-week hackathon, a total of 34 participants had reported 97 vulnerabilities, of which 35 were valid.

The initiative is a first for a government agency in Asia, according to HackerOne, the international bug bounty company engaged to run the programme. In a statement, HackerOne said that MINDEF responded quickly to the vulnerability reports, responding within five hours on average. The company has run similar programmes for the US Department of Defence, as well as tech giants Google and Twitter.

Explaining the process, Mr Koh said that each reported bug has to meet certain criteria before it is further verified by MINDEF.

"(Each time a vulnerability is found), we fix the vulnerability immediately (to) mitigate the risk as quickly as possible," he said.

Of all the validated bugs reported, no critical vulnerabilities were found. Two were of high severity, 10 were medium and 23 were low.

The biggest bounty of US$2,000 went to local white hat hacker Mr Darrel for uncovering one of the high-severity bugs.

The cyber security manager at consultancy firm Ernst & Young said that participating in the programme helped him sharpen his skills.

Going by the moniker Shivadagger, he said: "For this programme, you're expected to have a foolproof report they want to know that you can actually go in and exploit (the vulnerability)."

Mr Darrel reported 14 vulnerabilities, of which nine were deemed valid - earning him a total bounty of US$5,000.

The Bug Bounty Programme is part of MINDEF's continuous efforts to build up its capabilities in the cyber arena, which includes the setting up of the Cyber Test and Evaluation Centre (CyTEC) where servicemen train against simulated cyber attacks.

Suggested Reading
SUITED UP FOR SUBMARINE ESCAPE TRAINING
TECHNOLOGY
21 Feb 2018

Get an inside look at how the Navy drills its submariners on escape survival techniques, to prepare them for an emergency.

CYBER DEFENDERS TAKE ON NEW THREATS IN CLOUD AND AI IN NATIONAL EXERCISE
TECHNOLOGY
21 Feb 2018

The third Critical Infrastructure Defence Exercise (CIDeX) brings together cyber defenders from across Singapore to face the ever-evolving challenges of digital threats. 

Cover story
WELCOME TO CAMP TILPAL
TECHNOLOGY
21 Feb 2018

How do you house some 6,000 people and feed them for three months? You build a pop-up “city” – complete with accommodations and the basic comforts of home – for the thousands of SAF soldiers who train annually in Queensland, Australia.

Cover story
FIGHTING AS ONE AT EXERCISE TRIDENT
TECHNOLOGY
21 Feb 2018

Singapore’s army, navy and air force work together with Australian troops to capture targets in both jungle and urban warfare.

Cover story
THEY LIFT UP OUR BIG GUNS
TECHNOLOGY
21 Feb 2018

Get up close with the men and machines of 24th Battalion, Singapore Artillery (24 SA), who provide a boost to our gunners to make sure they are always on time and on target.

COMMAND & STAFF COLLEGE GRADUANDS READY TO TAKE ON SENIOR LEADERSHIP ROLES
TECHNOLOGY
21 Feb 2018

1
CELEBRATING 50 YEARS OF SERVICE & BROTHERHOOD
TECHNOLOGY
21 Feb 2018

NS has left indelible memories for these SAF pioneers from the 8th Engineers Officer Cadet batch, who celebrate their 50th anniversary since they were commissioned in 1974.

Super Puma flight tales
TECHNOLOGY
21 Feb 2018

Retired helicopter pilot MAJ (Ret) Robert Tan was among the first few batches of locally-trained Super Puma pilots. Sports car or smooth bus – guess which vehicle he likens the aircraft to?

Total Defence is a duty of every Singapore business
TECHNOLOGY
21 Feb 2018

Having experienced the demanding commitments of National Service, LTC (NS) Suhaimi Zainul-Abidin and Mr Gaurav Keerthi share why it’s so important for every Singapore business to support their NSmen.

Feature
He scaled a volcano with OCS mates & wrote a book about NS
TECHNOLOGY
21 Feb 2018

LTC (NS) Leow Kah Shin and his NS buddies go on an annual “Exercise Longwalk” as a commitment to do something adventurous together.