Singapore Ministry of Defence Announces Bug Bounty Program

Singapore’s Ministry of Defence (MINDEF) has invited roughly 300 white hat hackers from around the world to take part in a two-week bug bounty program targeting eight of its Internet-facing systems.

The MINDEF Bug Bounty Programme, scheduled to run between January 15 and February 4, 2018 is powered by the HackerOne platform.

The initiative covers the Defence Ministry’s public website, its I-Net and email services, the Central Manpower Base site, the Defence Science and Technology Agency site, and the NS, eHealth, LearNet 2 and myOASIS portals. Some of the targeted systems belong to the Singapore Armed Forces (SAF).

Rewards will range between S$150 (USD110) and roughly S$20,000 (USD15,000), and the total amount paid out will depend on the number and quality of bug reports. However, the cost of running the bug bounty program is expected to be less than what a commercial cybersecurity company would charge for an assessment, the Ministry said.

“Singapore is constantly exposed to the increasing risk of cyberattacks, and MINDEF is an attractive target for malicious cyber activity,” MINDEF said. “It is not possible to fully secure modern day computer software systems, and new vulnerabilities are discovered every day. As hackers with malicious intent find new methods to breach networks, MINDEF must constantly evolve and improve its defences against cyber threats.”

The announcement comes just months after the Ministry admitted that hackers had managed to breach a military system that stored non-classified data and personal information on servicemen and employees.

Singapore announced last year its intention to block Internet access on government computers for security reasons, but officials later clarified that the goal was to segregate sensitive systems from other online activities.

Singapore is the home city for SecurityWeek’s 2018 Singapore ICS Cyber Security Conference, an event dedicated to serving critical infrastructure and industrial internet stakeholders in the APAC region. The conference will take place April 24-26, 2018 at the Fairmont Singapore.

Related: Singapore Blocking Internet Access on Government Computers

Related: Singapore Forms New Cyber Security Agency

Original author: Eduard Kovacs