The Centre for Cybersecurity Belgium (CCB) is hosting Hack the Government 2024, marking the first-ever ethical hacking event organised by the Belgian Federal Government. On Wednesday evening, 27 November, Alexander De Croo, Belgium’s Prime Minister will present the winner of the event with the coveted “Ethical Government Hacker of 2024” award.
Hack the Government 2024 is firmly rooted in the belief that ethical hackers can raise the level of cyber security in Belgium: a view that has led Belgium to authorise ethical hacking, subject to compliance with certain strict conditions defined by law.
This unprecedented initiative brings together the community of ethical hackers to identify vulnerabilities across government websites and systems, demonstrating Belgium’s commitment to cybersecurity and proactive defense measures. Together we can make Belgium the least cyber vulnerable country in the EU.
Adding to the excitement, Hack the Government 2024 features a diverse group of ethical hackers (professionals and students) eager to help make Belgian digital assets safer. They will join forces to put governmental systems to the test. This collaboration gives participants the rare opportunity to contribute directly to securing public infrastructure. Although it is a competition to become “Ethical Government Hacker of 2024”, teamwork is developing with mentoring, collaborating, and sharing amongst the participants.
The government entities participating in this initiative are:
- FPS Policy and Support (FOD BOSA/SPF BOSA)
- L'Office national des vacances annuelles / Rijksdienst voor jaarlijkse vakantie (ONVA/RJV)
- The Federal Agency for Medicines and Health Products (FAMHP/FAMPS/FAGG)
- The Centre for Cybersecurity Belgium (CCB)
Hack The Government 2024 is organised in close collaboration with the renowned bug bounty platform, Intigriti, providing a unique opportunity to put governmental systems to the test through controlled, authorised penetration testing. Started on 13 November, the challenge will culminate in an in-person event on Wednesday, 27 November. The one crowned “Ethical Government Hacker of 2024” wins a training course from the renown SANS Institute, including the Global Information Assurance Certification exam (GIAC) worth over € 10 000. A touch of IT humour cannot be missed, so we have also provided honourable mentions for a variety of fun awards including “The first to draw blood” and “The one submitting most duplicates”.
The Importance of Ethical Hacking and Bug Bounty Programs
Through exercises like penetration tests (pentests) and bug bounty programs, organisations proactively address cybersecurity risks, staying ahead of cyber threats and strengthening public trust in digital services.
Hack the Government meant federal agencies trusting CCB to guide and organise the process. This meant working closely together over several months to detail the scope of the event. But the work will not end on 27 November. Checking findings, validating processes and procedures, and making necessary adjustments to improve cybersecurity will be on-going for testing again in future.
This initiative represents a major step forward in governmental cybersecurity, bringing together public entities, private expertise, and the ethical hacking community. Hack The Government 2024 emphasizes the importance of cybersecurity collaboration, and we are eager to showcase the results of this pioneering effort.
National policy on reporting vulnerabilities
The event will be organised under the provisions of the law of 26 April 2024 establishing a framework for the cybersecurity of networks and information systems of general interest for public security (NIS2). This is the Belgian legal framework that allows individuals to report identified vulnerabilities in information systems to the Centre for Cybersecurity Belgium (CCB) and the organisation concerned without fear of criminal or civil prosecution, provided that certain rules are complied with. This legal framework makes it possible to strengthen Belgium's digital defences by encouraging public participation in cybersecurity efforts, and to provide an appropriate framework for such actions.
This type of event also encourages organisations in Belgium, such as federal public administrations, to develop a coordinated vulnerability disclosure policy (CVDP) enabling them to receive reports of vulnerabilities (with appropriate communication channels).
Each organisation may also offer a Bug Bounty programme (offering financial rewards for detected vulnerabilities), thus encouraging experts to contribute to the security of public services.