On 21 December, the Government Technology Agency (GovTech) and Cyber Security Agency (CSA) of Singapore announced a partnership with local and international hackers on a Government Bug Bounty Programme (GBBP) that will run from December 2018 to January 2019.
The programme was initially announced during this year’s edition of the Singapore International Cyber Week (SICW), which saw the participation of S Iswaran, Singapore’s Minister for Communications and Information and Minister-in-charge of Cybersecurity.
Under the GBBP, so-called ‘white hat’ hackers, or ethical hackers, will be invited to search for and uncover vulnerabilities in internet-facing government ICT systems.
In return they will receive monetary rewards which can range from US$250 to US$10,000, depending on the severity of the ‘bug’ discovered by the hackers.
Discovered ‘bugs’ will be reported to the organisation for remediation.
The GBBP will run over a period of three weeks, and involves five selected internet-facing government systems and websites with high user touchpoints, namely gov.sg website, REACH website, Ministry of Communications & Information’s Press Accreditation Card (PAC) Online, Ministry of Foreign Affairs (MFA) website, and MFA eRegister.
GovTech and CSA will be partnering HackerOne, the world’s largest community of cybersecurity researchers and white hat hackers, for the GBBP.
HackerOne successfully organised the Ministry of Defence’s first BBP earlier this year.
According to the join announcement, the GBBP is part of the Singapore government’s ongoing efforts to build a secure and resilient smart nation.
Key findings from the GBBP will be shared in March 2019.
The GBBP will be expanded to include more Government ICT systems/websites in future.