White hat hackers to help detect eGov.kz vulnerabilities Printable versionOctober 27, 2021
About 50 e-Gov vulnerabilities were detected and eliminated by the employees of National Information Technologies JSC (NIT JSC) under the Ministry of Digital Development, Innovations and Aerospace Industry of RK. This was stated following the results of Bug Bounty national platform piloting by the independent cybersecurity experts from more than 10 countries.
To date, various state-of-the-art cybersecurity utilities have been implemented and connected in NIT JSC, including round-the-clock Security Operations Center ensuring reliable protection against cyberattacks. Increase in the number of crimes in the field information technologies is followed by upgrade of requirements to resistance and resiliency of information systems.
In this regard, NIT JSC connected to the national program ensuring safety of services and apps called Bug Bounty. This enables providing a higher level of cybersecurity protection for e-Gov systems and resources.
“Each day thousands of information systems, including those of government agencies, are exposed to hacking attack. Secure storage and protection of e-Gov data and its components is vital for us. Thanks to the cooperation we not only boost the protection of our systems but also save our resources” highlighted Rostislav Konyashkin, Chairman of the Board, National Information Technologies JSC.
It should be reminded that in December 2020, Minister of Digital Development, Innovations and Aerospace Industry Bagdat Mussin announced the launch of Bug Bounty program for government agencies. At that time, within the private testing, critical vulnerabilities were detected which can affect the majority of Kazakhstani segment of the Internet.
“The global practice shows that connection of major IT companies to Bug Bounty program poses a company as the one seriously treating cybersecurity and makes it more transparent for customers. NIT JSC is the first from the public sector to connect to the Big Bounty national program. We are glad and support the decision as it shows maturity of approach to information systems protection.” shared Olzhas Satiyev, President, Cyberattacks Analysis and Investigation Center.
BugBounty is a specialized program within which the company attracts outside cybersecurity experts to test software for vulnerabilities for a fee. The program operates in such companies as Google, Facebook and Mozilla and has made their systems more reliable. It also allowed saving funds for hiring of information security personnel. The Bug Bounty Operator is TSARKA, the leader in cybersecurity services in Central Asia.