Cybersecurity: Quebec Closes In On “Ethical Hackers”

The delegate minister of Government Digital Transformation, Éric Caire, admits it from the beginning: face the increase exponential cyber threats, real planetary scourge, you need the collaboration of those you call ethical hackers.

I think the need was already there, but this need has been exacerbated by the recent events that we are all aware of around the vaccine passport, where an ethical hacker has had a hard time contacting the government, where communication with the government was quite hard.acknowledges the minister.

To make things easier for benevolent hackers who want to help strengthen the security of government information assets, Eric Caire offers a vulnerability reporting platform.

The Minister presents the interface as an official and privileged communication channel with teams from the Government Cyber ​​Defense Center (CGCD).

Invitation to hack

Invite the ethical hackers test the security of the digital services of the state of Quebec to detect failures. In other words, the minister encourages them to hack government sites, but only if they do so. for the right reasons. In addition, those who wish can remain anonymous.

When filling out the online disclosure form, benevolent hackers will have to make a number of commitments, including not to exploit discovered loopholes for personal gain and not to publicize the breach. In return, Eric Caire guarantees them immunity.

The Legault government had been criticized for failing to offer immunity to Louis (assumed name), one of the cyber hackers who discovered flaws in the VaxiCode application (files).

Photo: Radio-Canada

It is a formal guarantee that the government will not take any legal action, will not prosecute, and will not initiate an investigation against you. It is a bit the basis of the dispute, there, of the facts that you knowsays the minister in reference to the saga of the VaxiCode application.

We are also committed to open communication. We want to talk to them. We want to talk to them. We want to find solutions with them.

Risks evaluation

Reporting each vulnerability made in the disclosure platform will generate an encrypted file that will be sent to the CGCDGovernment Cyber ​​Defense Center to allow you to make your own assessment of the defect.

According to Éric Caire, the increased use of digital technology, particularly due to teleworking, increases the risks associated with cyber threats (archives).

Photo: iStock / Maryna Andriichenko

To visit the vulnerability reporting platform put online by the Government of Quebec, click this link (New window).

The type of action to be taken and the response time will be determined by the level of criticality of the infraction.

There are vulnerabilities that […] Born [mettent] not compromise the system. Nevertheless […] if it threatens personal information, in fact it is something that is going to be critical and for which there should be an immediate reactionexplains Éric Caire.

According to the minister, Quebec is the first province in Canada to have an official interface for ethical hackers. He adds that the latter have been invited to collaborate in the configuration of the dissemination platform.