Officials partner with HackerOne to deliver new initiative

HackerOne has partnered with the Singapore government to launch new bug bounty programs aimed at protecting public-facing websites.

The initiative, which was launched late last week, comes after a number of cybersecurity incidents hit organizations and businesses across the Southeast Asian country.

This new program offers rewards to ethical hackers for reporting vulnerabilities in five public-facing government websites.

According to a press release, the private bug bounty program is only open to “local” hackers – though it isn’t clear what local is defined as.

The release read: “The bug bounty initiative will offer a select group of local bug bounty hackers a monetary reward, or bounty, for reporting valid vulnerabilities to GovTech so they can be safely resolved.

“Bug bounty programs are an industry best practice, implemented by public and private sector organizations across industries.

“The hacking challenge will run over a period of three weeks from December 2018 to January 2019 with the goal of finding security flaws in five public-facing government systems and websites.”

It is the second collaboration between HackerOne and the government, after a successful bug bounty program earlier this year with the Singapore Ministry of Defence.

Back in February, a new bill was passed to strengthen the country’s legal oversight for cybersecurity.

In addition to imposing a series of obligations on those operating in various critical information infrastructure (CII) sectors, the bill will authorize the Cyber Security Agency of Singapore (CSA) to prevent and respond to cybersecurity threats and incidents, while establishing a licensing framework for cybersecurity providers.

It will also impose obligations on entities operating in the defined CII sectors of energy, water, banking and finance, healthcare, transport, information communications, media, security and emergency services, and government.

Health risk

The bill comes after a SingHealth, the largest healthcare group in Singapore, became the target of a “major cyber-attack” that resulted in the personal information of around 1.5 million individuals being compromised – including that of Prime Minister Lee Hsien Loong.

Issuing a security alert back in July, SingCert – the Asian nation’s computer emergency response team – said the data breach has impacted patients who visited SingHealth’s specialist outpatient clinics between May 1, 2015, and July 4, 2018.

“About 1.5 million patients… have had their non-medical personal particulars illegally accessed and copied,” SingCert confirmed. “The data taken include name, NRIC [national identity] number, address, gender, race, and date of birth.”

Forensic investigations conducted by the authorities indicated that this was a “deliberate, targeted and well-planned cyber-attack”.

“It was not the work of casual hackers or criminal gangs,” the statement read.