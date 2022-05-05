The Quebec government is calling on hackers and researchers to find vulnerabilities that could compromise the security of Quebecers' data in government computer systems.

Researchers will be paid on a per-capita basis, between $50 and $7,500 each time they identify a security issue on a government site.

Cybersecurity Minister Eric Caire made the announcement at a press conference Thursday afternoon.

"The Quebec government is the first public administration in Canada to make a program of this nature available," said Caire, noting that the initiative will not replace security mechanisms already in place.

"This is just one more layer that we are adding to ensure that the systems we are deploying are cyber-secure," he said.

The 'Programme de prime aux bogues' invites researchers to register and formally identify themselves on a secure platform called 'Yeswehack,' a European leader in the field, according to the government.

Pay varies according to the criticality of the flaw that is detected. In the pilot phase of the program, $64,000 will be available to researchers.

"The project will continue until the pot is exhausted," explained Caire, after which a report will determine whether the project should become permanent and "eventually go to tender."

No personal information will be available to researchers analyzing the systems, according to the Cybersecurity Ministry, which said in a statement that the analyzed programs "will be copied into test environments."

The hacker or researcher who finds a vulnerability will see their "score" increase on the platform.

"So for researchers, this is a source, a double-source of motivation. Obviously, there is the remuneration, but there is also seeing one's rating increase, because it increases the credibility of the researcher and therefore the opportunities available," said Caire.

The Yeswehack platform is already accessible to researchers, and Caire said "the entire community of the planet has access to the program," which will give the government "access to a very high level of expertise at a lower cost."

The amounts awarded and number of flaws detected can be made public, he said, but the details of the reports will not be published for confidentiality reasons.

MULTIPLE FLAWS IN RECENT MONTHS

Last December, the Quebec government preventively shut down almost all of its 3,992 websites following the discovery of a major security breach affecting servers around the world. Some of the sites were closed for a few days.

A few weeks ago, Quebec provincial police (SQ) opened an investigation into a confidential data leak at the Conseil du trésor.

In the Spring of 2021, thousands of parents registered at La Place 0-5, a daycare booking website, had their personal data stolen by a cyberhacker.

According to Caire, the new program will increase "the level of security of public services and governmental electronic exchanges within the Quebec government."

This report by The Canadian Press was first published in French on May 5, 2022.