In a bold move, MINDEF has told reporters that it would be opening up its internet facing systems to hackers. Through this, the defence ministry is working towards identifying and fixing weaknesses in computers systems for the entire public sector.
The “MINDEF Bug Bounty Programme”, will take place between the 15th of January to the 4th of February 2018 and 300 selected white hat hackers from around the world will be invited to find vulnerabilities in eight web-facing systems.
The systems include: MINDEF’s website, the NS Portal, the Central Manpower Base website, the Defence Science and Technology Agency’s website, eHealth, Defence Mail, LearNet 2 Portal and myOASIS Portal.
Vulnerabilities uncovered should be disclosed to MINDEF and hackers will be rewarded for their discoveries, according to importance of findings. Rewards range from about S$150 to $20,000.
MINDEF acknowledges there there are inherent risks in conducting such exercises, however measures have been installed to mitigate these risks. For example, there is a possibility that a hacker may turn rouge and expose findings online instead of reporting them to MINDEF.
That is the reason why only white hat hackers are allowed to participate. The rules of engagement include: not launching Distributed Denial of Service (DDoS) attacks and not selling their discoveries. Failure to comply would result in the career hackers being censured.
Such programmes are not new. The United States Department of Defence holds “Hack the Pentagon” exercises regularly and so do companies such as Google and Facebook.
“Cyber is a new battlefront. Singapore is constantly exposed to the increasing risk of cyberattacks, and MINDEF is an attractive target for malicious cyber activity,” the ministry said. “As hackers with malicious intent find new methods to breach networks, MINDEF must constantly evolve and improve its defences against cyber threats.”