Vilnius is challenging hackers inviting them to search for gaps in IT systems
February 11th is the International Safer Internet Day. Caring for security of its own and that of others, the City of Vilnius openly invites citizens of Vilnius to contribute to the enhancement of cyber security by participating in the municipality’s programme for responsible disclosure of weaknesses in cyber security called “Hack me if you can”. The programme will provide the opportunity to identify gaps in one of 5 websites of the municipality free of charge. The City of Vilnius is the first public institution in Lithuania courageously taking the initiative to change a rather closed approach to cyber security in Lithuania.
The programme “Hack me if you can” is unique, as those, who have cyber skills, can help to lawfully (and in observance of certain rules) search for gaps in information systems in certain applications and platforms of the city, without adversely affecting information stored in the systems.
“We should have a strong sense of community online, just like in our own city, rendering assistance when it is needed. Nowadays, many people do not know what to do having noticed gaps in IT systems, fearing that such reports may be treated as malicious activity, leading to initiated investigations thereof. A clear communication of our rules and expectations will help people to do the right thing: not to be afraid to report detected weaknesses in IT systems”, says Jonas Pidkovas, Head of Innovation and Technology Group at the Vilnius City Administration.
A responsible disclosure of cyber security gaps takes place when the detected gaps are revealed to the organization, in whose systems they were detected, itself. Under the programme, gaps will be reported to the Vilnius City Administration, and having fixed them (and only having obtained a consent thereto), they may be published. It is important to understand that early publication of such information (while the gap has not yet been fixed) may lead to malevolent people using it for criminal purposes, causing harm to people whose data are stored in the systems.
The idea of the programme for responsible disclosure of cyber security gaps was generated after the hybrid security exercise “Gediminas Legion” held last summer in Vilnius, when Vilnius IT enthusiasts voluntarily participated in both IT defence and social engineering fake news exercises.
J. Pidkovas says that “Hack me if you can” is one of the key ideas of the Innovation and Technology Group, which will allow investing more in innovation rather than in purchasing services. Further plans of this team involve the establishment of a common cyber security center (SOC) in Vilnius.
“The use of a responsible disclosure policy is a modern and mature approach to organizing cyber resilience on a collaborative basis. It shows the organisation’s openness and willingness to work together, appreciating contributions by various professionals. It is great to see how boldly taking the paths of digitization and data opening, Vilnius is immediately thinking of how to bring the risks involved under control and how to inspire others to follow the good example. I hope this will turn into the formation of an ecosystem and norms of good behavior. This is a pleasant message for me as a resident of Vilnius, and an example which I will happily talk about all over the world where I get to work. This is the first attempt, and we will likely have things to learn and improve, but this is how we grow”, says the Director of NRD Cyber Security, which helped the City of Vilnius to develop the policy of responsible disclosure.
Both natural persons under the age of 18, who have signed a programme participant’s confidentiality statement, and minors (14 to 18 years of age), with a written consent of their parents (guardians) and having signed a programme participant’s confidentiality statement, can register for and take part in the programme, identifying gaps within the limits of the programme free of charge.
For more information about the Programme, see: https://vilnius.lt/lt/vilnius-2in/kibernetinis-saugumas/
Marketing and Communications Department, email@example.com