iTnews

NSW govt's first bug bounty program driven by digital licensing push

By Justin Hendry on Nov 6, 2019 4:46PM
NSW govt's first bug bounty program driven by digital licensing push

Expansion sparks up as Dominello channels Marie Kondo.

Service NSW created the state government’s first bug bounty program as part of the development of the NSW digital driver’s licence, Customer Service Minister Victor Dominello has revealed.

Dominello told a packed Australian Information Industry Association event in Sydney on Wednesday the program was established to weed out security vulnerabilities in the opt-in electronic vehicle licence.

The digital pass – which launched just over a week ago and has so far seen 680,000 downloads by NSW drivers, up from 600,000 on Monday – is underpinned by a range of different platforms, including blockchain and AWS.

“The bug bounty program ... allows independent security experts to get hands on with the underlying code and get rewarded for finding areas where the security of our platforms can be further improved,” he said.

Dominello said although bug bounties were “commonplace in the technology industry”, the program is one of the first rollout out by any government in Australia.

“To my knowledge, no one in government has done it,” he said.

Dominello thanked Yaakov Smith, a white hat hacker, who he said came forward to help with the security on the digital licence.

The program is now expected to “become part of [the government’s] design moving forward in relation to particularly digital services delivery”.

“Ultimately, it means the people and businesses of NSW get safer access to government services,” he said.

Dominello said the program was just one of the reasons the electronic vehicle licence – which also uses a passcode and a device’s biometric functionality – is more secure than a physical licence.

“We take cyber security very seriously in NSW. The digital licence has been through multiple rounds of security testing and audits, including by our own Cyber Security NSW team,” he said.

Some of these audits are understood to have been undertaken after the government pushed back the original state-wide rollout of the digital pass due to stability issues.

The government also completed three privacy assessments throughout the alpha and beta phases for the program, and worked with the NSW Privacy Commissioner to design key elements.

“We’ve put privacy first in the design of the verification process – when your licence is checked, you don’t need to give your phone to the checker or police,” he said.”

“Not only is this in the design, it’s the law.”

Dominello envisages single licence future, channels Marie Kondo

With the number of digital driver’s licence downloads now just shy of Service NSW’s conservative estimates for the first 12 months, Dominello said the government was now looking to ensure NSW citizens can use the digital pass across the state’s border.

“We’ve already started engaging with other states and territories on inter-state acceptance of the NSW digital driver’s licence,” he said.

“Once NSW amends its legislation, I’m confident that interstate acceptance of the DDL for proof of age and permission to drive will follow shortly thereafter.”

The government is also looking to bring more licences onto the platform, with trade licences the next to be digitised next year.

But Dominello also envisages a time when NSW simply has a single, multi-purpose licence for citizens, in line with the government’s vision for a “tell us once” approach to digital services.

“In the future, we won’t be talking about ‘our driver’s licence’. We will be talking about our NSW Licence – full stop,” he said.

“One digital licence that shows your permission to drive - tick, permission to work with children - tick, permission to sell alcohol, and so on.”

“When your details change, you can tell government once and it be updated everywhere. When you apply for an additional permission to be added to your licence, your details are filled automatically.”

Channelling renowned anti-clutter guru Marie Kondo, Dominello said the government wanted to ensure NSW’s various plastic licences weren’t just replaced with digital equivalents.

“Marie Kondo would not want a whole lot of different paper licences to be replaced with a whole lot of different plastic licences - to be replaced with. For Marie Kondo, digital clutter does not spark joy.”

“To make Marie Kondo happy – and I want to make her happy – not only will we harmonise, we will synthesize.”

Real-time insights

While the Service NSW app faced initial stability issues when the digital driver’s licence went live associated with the rush of motorists, Dominello said real-time data had allowed devs to quickly fix issues as they emerged.

In some cases, this meant the Service NSW team was “up at night solving the problems”,

“All the way through the last week, we’ve had to-the-minute data (i.e real-time) on adoption and feedback across the state,” he said.

“This means that we have engineers making adjustments throughout the night as the real time feedback was coming in.”

“This real time feedback and the agility it provides is cutting edge for the private sector, let alone for a big government like NSW.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
bug bounty digital government digital identity drivers governmentit licence marie kondo nsw security service nsw software strategy victor dominello

Partner Content

Beat the DDoS blackmails in 2021
Partner Content Beat the DDoS blackmails in 2021
Why companies fail at picking cloud modernisation partners
Partner Content Why companies fail at picking cloud modernisation partners
Shut the door on ransomware
Partner Content Shut the door on ransomware
MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By Justin Hendry
Nov 6 2019
4:46PM
0 Comments

Related Articles

  • NSW photo cards next on Dominello's digital hit list
  • NSW changes direction with digital driver's licence 'copy solution'
  • NSW govt building 'copy solution' to boost digital licence acceptance
  • Ministers push to keep digital ID systems uniform
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Defence switches on initial SAP ERP system capability

Defence switches on initial SAP ERP system capability

Downer lands $330m Telstra field services contract

Downer lands $330m Telstra field services contract

Tyro halts trading following week-long outage

Tyro halts trading following week-long outage

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.