Singapore to offer bug bounty, set up Asean cybersecurity centre

Singapore government will launch a bug bounty initiative by end-2018, when local and international hackers will be invited to test systems for vulnerabilities, as well as a cybersecurity hub next year to facilitate collaboration and training efforts amongst Asean country members.
Written by Eileen Yu, Contributor on

The Singapore government has announced plans to launch a bug bounty programme by year-end as well as a cybersecurity hub to coordinate training and collaborative efforts amongst Asean country members.

The bug bounty initiative aimed to identify "cyber blindspots" and benchmark the government's defences against cyberattacks, said Deputy Prime Minister Teo Chee Hean, at the annual Singapore International Cyber Week conference this week.

The programme was scheduled to launch at the end of the year, during which both local and international white-hat hackers would be invited to test selected government systems and uncover vulnerabilities.

Teo said: "Through this process, we can bring together a community of cyber defenders who share the common goal of making cyberspace safer, and more resilient by securing our systems against malicious attacks. This builds a shared sense of collective ownership over the cybersecurity of our systems, which is vital to achieve our smart nation goals."

Singapore also will set up a "multi-disciplinary" Asean Cybersecurity Centre of Excellence, which will operate as a think-tank and training centre as well as emergency response team for the region. Slated for launch next year, the facility will be supported with a fund of S$30 million over five years, through to 2023.

The move was an extension of the Asean Cyber Capacity Programme, which Singapore had kicked off in 2016 with a seed funding of S$10 million as part of efforts to boost the region's cyber capabilities and infrastructure to combat emerging cyber threats. The initiative included the annual Asean CERT (Computer Emergency Response Team) Incident Drill (ACID), where member states participated in testing and improving their cooperation and responses to cybersecurity incidents.

With the new Asean centre, Singapore hopes to further strengthen member states' legislation, technical, and research capabilities, train local CERTSs across the region, and facilitate "open source" information sharing between the response teams.

Noting that the centre would encompass policies, legislation, and operations, Singapore's Minister for Communications and Information S. Iswaran said: "It reflects our conviction in the importance of aligning cyber diplomacy efforts with operational issues. We believe that this alignment will facilitate coordination towards a unified Asean perspective, so that we can better secure our collective regional interests at international platforms."

He added that other governments outside the Asean member community had expressed interest to work with the region under the new centre, including New Zealand, Canada, and the European Union.

Singapore also is working on a framework to coordinate cybersecurity efforts amongst the 10 Asean member states, outlining cyber diplomacy, policy, and operational issues. In the interim, the countries have agreed to observe 11 norms of behaviours--related to cybersecurity--recommended in the 2015 Report of the United Nations Group of Governmental Experts (UNGGE) on Developments in the Field of Information and Telecommunications.

Elaborating on the importance of establishing cyber norm behaviours, Iswaran said: "A rules-based order is key because it gives all states, big or small, the confidence, predictability, and stability that is essential for economic progress, job creation, and technology adoption.

"Ultimately, this will help to enhance the lives of all our people. It is also important that the international community abides by the same rules, as our world grows ever more interdependent and interconnected," he added.

Previous Singaporean Coverage

Singapore fines Grab-Uber $9.5M over 'anti-competitive' merger

Competition and Consumer Commission of Singapore says ride-sharing operator Grab adopted anti-competitive actions following its merger with Uber's regional operations, and fines each company more than S$6 million for the infringement.

SingHealth data breach reveals several 'inadequate' security measures

Investigation into the July 2018 incident reveals tardiness in raising the alarm, use of weak administrative passwords, and an unpatched workstation that enabled hackers to breach the system as early as August last year.

Singapore payments vendor takes app global with UnionPay partnership

Network for Electronic Transfers of Singapore (Nets) has inked an agreement with China's UnionPay to enable consumers to scan and pay for purchases at 7.5 million participating merchants worldwide.

Singtel 4G network hits 1.5Gbps speeds

Singtel and Ericsson have announced reaching peak 4G LTE speeds of 1.5Gbps, with plans to gradually deploy the technology as compatible smartphones become available in 2019.

Prime Minister's data stolen in Singapore hack, showing risk of connect health systems (TechRepublic)

A major cyberattack on Singapore's government health database compromised 1.5 million people's personal information, including the Prime Minister.


Singapore sets up cybersecurity assessment, certification centre

Singapore sets up cybersecurity assessment, certification centre

Malware is targeting crypto wallets, says Microsoft: Here's how to protect yourself better

Malware is targeting crypto wallets, says Microsoft: Here's how to protect yourself better

Google: These 'curated' open-source packages will improve software supply chain security

Google: These 'curated' open-source packages will improve software supply chain security