The Confederation turns to “ethical hackers” to test its computer security – rts.ch

Following a successful pilot project, the Confederation wants to prevent cyberattacks on its IT systems in the future not only through security tests, but also with the help of ethical hackers. The first programs should be launched this year.

Today, standardized security tests are often no longer sufficient to detect hidden vulnerabilities, the Federal Department of Finance said in a statement on Wednesday.

This is why, for the production systems and applications of the federal administration, this research task will in future be entrusted to ethical hackers, commissioned within the framework of bug bounty programs. The National Center for Cyber Security (NCSC) will oversee them.

As part of a pilot project, fifteen hackers commissioned by the Confederation identified ten security flaws in the computer systems of the Federal Department of Foreign Affairs and the Parliamentary Services in mid-May 2021. One of them turned out to be “critical”. All flaws have since been fixed.

Use collective intelligence

Following the experience of this project, it was decided to extend the bug bounty program to as many of the federal administration's computer systems as possible, says the Federal Department of Finance (DFF). The NCSC will conduct it in collaboration with the company Bug Bounty Switzerland SA. A pioneer in its field, the company has great expertise in bug hunting and working with ethical hackers, the DFF points out.

“Bug bounty” programs are initiatives run by government departments, companies, interest groups, or individuals to identify, fix, and publicize software errors. The sponsors are therefore in a way appealing to collective intelligence to detect flaws. People who discover and report vulnerabilities are compensated for their efforts.

These programs are already widespread in the economy. Big companies like Facebook and Microsoft have been running them for a long time. Swiss Post, Coop, Raiffeisen, Ringier and FMB also already use the services of ethical hackers.

ats/exercise
