Some 20 digital platforms developed by the National Technology Centre for COVID-19 Prevention and Control will be submitted to BugRank, a joint cooperation between the National Cyber Security Centre and VNSecurity that employs security researchers to help identify security vulnerabilities, according to the Ministry of Information and Communication (MIC) and the NCSC.
The platforms, including the widely-used COVID-19 tracking app BlueZone, have played a key role in the country's effort to fight the virus. They have helped inform citizens of newly discovered virus clusters, track infections, fill in health declaration forms and produce QR codes.
The centre has also introduced additional programmes to assist health experts to sort and manage COVID-19 test results, operate quarantine zones and connect citizens with health workers on the front line.
According to a representative from the centre, protection of private and personal data is among the highest priorities, especially since the platforms have been often used to collect confidential health information of citizens.
In order to better safeguard user information, the platforms, prior to their official releases, must have been put through rigorous tests designed by cyber security experts from the Ministry of Public Security, the Minister of Defense, the MIC and the Vietnam Information Security Association. Even after release, the platforms must be regularly checked for security risks by said agencies.
However, due to the dynamic and fast-changing nature of cybercrimes, it has become a matter of great importance for software developers and system managers to anticipate and carry out quick responses in the event of cyberattacks. This challenge is especially daunting as all it takes is often just one security hole for hackers to compromise a whole system.
"We fully understand the importance of and the cyber threats to Viet Nam's anti-COVID-19 platforms. That's why we have started an initiative to seek out their security vulnerabilities and hopefully to address them before they could be exploited," said an NCSC's representative.
BugRank is a bug bounty programme, which employs a competitive model that leverages the use of ethical hackers (or security researchers) to detect and submit bugs or vulnerabilities within an organisation's digital assets with the potential for rewards if found and validated within a predefined scope. — VNS