The Singapore government’s digital services arm, GovTech, has launched a “rewards program” to deepen the country’s cybersecurity crowdsourcing testing.
The Vulnerability Rewards Program (VRP) joins the Government Bug Bounty Program (GBBP) and Vulnerability Disclosure Program (VDP), all of which operate in parallel with the government’s own security checks.
“The three crowdsourced vulnerability discovery programs offer a blend of ongoing reporting and in-depth seasonal testing capabilities that exploit the community as a whole, in addition to routine government-led penetration testing,” GovTech proclaimed in a statement. blog post.
The VRP is designed to continuously test a selection of essential services in Singapore’s digital economy. Initially, this includes its online account management services for individuals and businesses, Singpass and Corppass, electronic member services for its mandatory retirement, healthcare and savings services, as well as a segment of services that allow the issuance of work permits for foreigners. GovTech said it will gradually add more ICT systems to the program.
While VDP is open to anyone in the public, GBBP and VRP are only available to ethical hackers approved by HackerOne due to the higher value systems involved. Approved participants will be offered VPN access by HackerOne, to help them ensure security while being monitored by the powers that be. Those who go too far may see the access revoked.
Singapore is a country famous for enforcement, which has earned it the not-so-ironic nickname “The Fine City” as it imposes numerous penalties on violators. This regime should prevent the abuse of the VRP.
Program participants will earn between $ 250 and $ 5,000, depending on the severity of the vulnerability. A critical vulnerability with potentially massive impact can earn a special bonus of $ 150,000.
GovTech Director Ms. Lim Bee Kwan said:
Singapore wants to protect its Smart Nation business at a time of skyrocketing cyber attacks. In 2020, cybercrime accounted for 43% of all crimes in Singapore and attacks on governments in general are seen as a grim and imminent threat.
An article published yesterday by Singapore’s Smart Nation Sensor platform described the critical interconnectivity of the island nation’s systems comparing it to the sport of synchronized swimming. For Singapore to realize its vision of becoming a pioneering Smart Nation that avoids disruptive incidents, it will need to protect each individual system from interference to a degree that other nations struggle to achieve.
It’s hardly surprising to strengthen the island city-state’s infrastructure in this way, as bug bounties and crowdsourcing have become standard operation. Last June, Singapore turned to crowdsourcing for its central bank digital currency strategies.
HackerOne has experience partnering with governments, and recently announced a month-long hacker security test in partnership with the UK government. ®