MINDEF INVITES HACKERS TO TEST ITS SYSTEMS FOR FLAWS

The Ministry of Defence (MINDEF) has made a bold move to strengthen its cyber security -- by inviting hackers to put its systems to the test.

This MINDEF Bug Bounty Programme will have 300 selected "white hat" hackers testing out its major Internet-facing systems. The hackers will be rewarded with "bounty", ranging from $150 to $20,000, depending on how unique or critical the "bug" found is.

The initiative will be a first for a Singapore government agency.

International bug bounty company HackerOne has been engaged to run the programme, which has been used by tech giants such as Google and Intel.

In 2016, HackerOne also facilitated a similar "Hack the Pentagon" programme for the United States Department of Defence, which identified more than 100 bugs in three weeks.

"This approach to crowdsourcing is a fast and effective way for MINDEF to identify vulnerabilities so that we can improve our cyber defences," said MINDEF's Defence Cyber Chief, Mr David Koh, when he unveiled the programme during his visit to the Cyber Defence Test and Evaluation Centre (CyTEC) on 12 Dec.

On the importance of cyber defence, Mr Koh said: "The cyber domain is a fast evolving area, one that (MINDEF) is increasingly dependent on.

"The Singapore Armed Forces (SAF) (is also) a highly networked force, and we need to defend our war fighting networks against potential disruptions and cyberattacks."

The bug bounty programme will involve eight of MINDEF's Internet-facing systems, including the MINDEF, Central Manpower Base, and Defence Science and Technology Agency websites, as well as NS Portal.

There are risks that come with the programme, such as rogue hackers who exploit the vulnerabilities instead of reporting them, admitted Mr Koh, who is also Deputy Secretary (Special Projects).

To mitigate this, experienced and reputable "white hat" hackers have been selected these are specialists who are certified to break into protected systems in order to improve security. "They will follow rules of engagement and best practices so that they do not inadvertently disrupt our systems," said Mr Koh.

The selected hackers will include about 100 Singaporeans, which helps nurture a local "white hat" community, he added.

Measures will also be put in place to manage the expected surge in traffic to MINDEF websites, when the programme runs from 15 Jan to 4 Feb next year.

The initiative is part of MINDEF's continuous efforts to build up its capabilities in the cyber arena, which includes the formation of the Defence Cyber Organisation this March. "