'Hack Mindef' and win cash if you are successful
Successful hackers will win cash; measures will be in place should they turn rogue
In a first for the Singapore Government, the Ministry of Defence (Mindef) will be inviting about 300 international and local hackers to hunt for vulnerabilities in its Internet-connected systems next year, in a bid to guard against evolving cyber threats.
From Jan 15 to Feb 4, these selected experts will try to penetrate eight of Mindef's Internet-facing systems, such as the Mindef website, the NS Portal, and LearNet 2 Portal, a learning resource portal for trainees.
These registered hackers can earn cash rewards - or bounties - of between $150 and $20,000, depending on how critical the flaws discovered are.
Called the Mindef Bug Bounty Programme, it will be the Government's first crowdsourced hacking programme.
This follows an incident earlier this year when Mindef discovered that hackers had stolen the IC numbers, telephone numbers and birth dates of 854 personnel through a breach of its I-Net system.
One of the systems being tested, Defence Mail, uses the I-Net system for Mindef and SAF personnel to connect to the Internet.
Yesterday, defence cyber chief David Koh announced the new programme after a visit to the Cyber Defence Test and Evaluation Centre - a cyber "live-firing range" where servicemen train against simulated cyber attacks - at Stagmont Camp in Choa Chu Kang.
On the significance of the "Hack Mindef" initiative, he told reporters: "The SAF is a highly networked force. How we conduct our military operations depends on networking across the army, navy, air force and the joint staff.
"Every day, we see new cyber attacks launched by malicious actors who are constantly seeking new ways to breach our systems... Clearly, this is a fast-evolving environment and increasingly, you see that it is one that is of relevance to the defence and security domain."
The bigger picture is that cyberspace is emerging as the next battlefield, said Mr Koh, who is also deputy secretary for special projects at Mindef.
"Some countries have begun to recognise cyber as a domain similar to air, land and sea. Some have even gone so far as to say that the next major conflict will see cyber activity as the first activity of a major conflict," he added.
While there will be some risks in inviting hackers to test the systems, such as an increase in website traffic and the chance that these "white hat" hackers will turn over discovered vulnerabilities to the dark Web, measures will be put in place.
White-hat hackers break into protected systems to improve security, while black-hat hackers have nefarious intentions to exploit flaws.