GovTech and CSA Partner Cybersecurity Community on Government Bug Bounty Programme

The Government Technology Agency (GovTech) and Cyber Security Agency (CSA) of Singapore will partner local and overseas hackers on a Government Bug Bounty Programme (GBBP) from December 2018 to January 2019.

Under the GBBP, ‘white hat’ hackers – or ethical hackers – will be invited to search for and uncover vulnerabilities in ICT systems, where they will receive monetary rewards in return. Rewards can range from US$250 to US$10,000 depending on the severity of the ‘bug’ discovered by registered/authorised hackers. Discovered ‘bugs’ will be reported to the organisation for remediation.

The GBBP will run over a period of three weeks, and involves five selected internet-facing government systems and websites with high user touchpoints: gov.sg website; REACH website; Ministry of Communications & Information’s Press Accreditation Card (PAC) Online; Ministry of Foreign Affairs (MFA) website; and MFA eRegister.

GovTech and CSA will be partnering HackerOne – the world’s largest community of cybersecurity researchers and white hat hackers - for the GBBP. HackerOne successfully organised the Ministry of Defence’s first BBP earlier this year.

The GBBP is part of the Singapore Government’s ongoing efforts to build a secure and resilient Smart Nation. With cyber attacks growing in scale and complexity, the GBBP will help to build an innovative cyber ecosystem, draw in a wide range of expertise to help identify the Government’s cyber blind spots, and benchmark its defences against skilled global hackers.

By bringing together a community of cyber defenders who share the common goal of developing a safe and resilient cyberspace, the GBBP aims to build a shared sense of collective ownership over the cybersecurity of Government systems and websites, which is vital to achieve Singapore’s Smart Nation goals.

Key findings from the GBBP will be shared in March 2019. The GBBP will be expanded to include more Government ICT systems/websites in future.

ISSUED BY THE GOVERNMENT TECHNOLOGY AGENCY OF SINGAPORE AND THE CYBER SECURITY AGENCY OF SINGAPORE

About Government Technology Agency

The Government Technology Agency of Singapore (GovTech) is a statutory board formed in October 2016 after the restructuring of the Infocomm Development Authority.

Following the formation of the Smart Nation and Digital Government Group in May 2017, GovTech is placed under the Prime Minister’s Office as the implementing agency of the Group. GovTech works with public agencies to develop and deliver secure digital services and applied technology to individuals and businesses in Singapore. GovTech builds key platforms and solutions needed to support Singapore as a Smart Nation. As a leading centre for information communications technology and related engineering such as the Internet of Things, Data Science and Application Development, GovTech also enhances the capabilities of the Singapore Government in these domains.

About the Cyber Security Agency of Singapore

The Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cybersecurity functions, and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cybersecurity awareness as well as to ensure the holistic development of Singapore’s cyber security landscape. The Agency is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information.