The Ministry of Information and Communications (MIC) has rolled out a Bug Bounty programme to detect security holes and vulnerabilities on national digital platforms. The National Cyber Security Centre (NCSC) described the Bug Bounty programme as a solution to help the government connect with leading domestic and international security experts and save time and costs while ensuring the network security of national platforms.
According to a press release by MIC, Bug Bounty is an annual programme and will be held from October 2021 to October 2022. The total prize money in the first year is VND1 billion (around US$50,000) and is expected to increase annually. Under the programme, MIC will announce a list of the top 50 experts who have made significant contributions to the detection of security holes on the Vietnam Information Security Day, which is held in November every year. The top three cybersecurity experts will receive awards and certificates of merit from the Minister of Information and Communications.
The initiative is an extension of the campaign “Detecting security holes on technology platforms for epidemic prevention and control”, which was launched earlier this month. Aiming to turn Vietnam into a digital country, and a nation of stable development and prosperity by 2030, the National Digital Transformation Programme approved by the government in June 2020 emphasises that cybersecurity is the key and an integral component to successful and sustainable digital transformation. Based on this, the government launched the Bug Bounty programme to detect security holes and better protect national digital transformation platforms.
Globally, vulnerability search platforms are common in the field of information security. “White-hat hackers” or vulnerability experts search for security holes on the platforms of large tech. The Certified Information Systems Auditor (CISA), an agency under the United States government, has selected Bug Crowd and EnDyna to implement a federal policy to find vulnerabilities on government technology platforms.
Earlier this month, the Vietnam Computer Emergency Response Team (VNCERT) and the Authority of Information Security, under MIC, presided over the deployment of the 2021 ASEAN Computer Emergency Response Team Drill (ACID 2021) for members of the emergency response network and IT units of ministries and agencies nationwide. Attending the ACID 2021 were teams representing ASEAN member nations and five dialogue countries, namely Australia, China, India, Japan, and the Republic of Korea.
As OpenGov Asia had reported, the drill was an opportunity for technicians of Vietnamese agencies, organisations, and enterprises to practice their skills in dealing with, investigating, analysing, minimising damage, and reporting emergencies. It aimed to help them gain knowledge and experience in responding to cyber security incidents. The ACID 2021 drill used the latest cybersecurity trends as scenarios for teams to strengthen their preparedness in solving cybersecurity issues. After the drill, experts and domestic team members spent time exchanging and sharing situations and solutions to help participants better understand how to handle the incidents in a specific case.
As per data from the first six months of this year, cyberattacks in Vietnam decreased but the level of sophistication and damage was much greater. Vietnam recorded 2,915 cyber-attacks in the first six months of 2021, an increase of 898 compared with the same period last year. Earlier in May, the MIC Minister issued a directive on strengthening the prevention and combat of violations and crimes on the Internet. The Minister also requested the sector to continue to effectively implement the Prime Minister’s directive on enhancing safety measures on cybersecurity which aims to improve Vietnam’s rankings.