LCQ 9: Hong Kong Computer Emergency Response Team Coordination Centre
Following is a question by the Hon Sin Chung-kai and a written reply by the Secretary for Commerce, Industry and Technology, Mr Henry Tang, in the Legislative Council today (April 2):
Question:
Hong Kong Computer Emergency Response Team Coordination Centre ("HKCERT") coordinates the efforts in handling local computer security incidents. Its duties include receiving incident reports, handling requests for assistance as well as providing responses and recovery support. According to the findings of the Information Security Survey 2002, in the past three years, most of the computer attacks on local small and medium enterprises involved computer virus attacks. In this connection, will the Government inform this Council:
(a) of the number of requests for assistance handled by HKCERT with a breakdown by types and the average response time;
(b) of the number of various security alerts disseminated (such as virus and vulnerability alerts) since the establishment of HKCERT, the methods of dissemination and the average difference in the time required for HKCERT and other computer security companies to disseminate security alerts to the public;
(c) whether it has reviewed the operation and effectiveness of HKCERT's mechanism for disseminating security alerts to the public; if so, of the outcome of the review; if not, the reasons for that; and
(d) whether it has formulated policies to deal with computer virus attacks?
Reply:
Madam President,
(a) Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) was established in February 2001. As at the end of February 2003, the respective numbers of reports and requests for assistance handled by HKCERT with breakdown by types are as follows:
| Type | 2001 | 2002 | 2003 | Total |
| --- | --- | --- | --- | --- |
| Information Security incidents such as hacking and denial of service | 150 | 240 | 37 | 427 |
| Computer virus | 481 | 217 | 42 | 740 |
| Others | 2 | 0 | 0 | 2 |
| Total | 633 | 457 | 79 | 1 169 |
Normally, HKCERT will respond to phone-in requests immediately. For requests received through e-mail and fax, HKCERT will respond within three hours if the requests are received during business hours (8.30 am - 8 pm) or within the first three hours of the following working day if received outside business hours.
(b) Since its establishment, HKCERT has disseminated a total of 70 computer virus alerts and some 280 other information security alerts (e.g. software vulnerability alerts). These alerts were disseminated through HKCERT's website, e-mail, short message service, press release, etc.
Apart from computer security companies (such as anti-virus software suppliers, information security services providers and security monitoring companies), HKCERT also receives information and alerts on information security from computer emergency coordination centres of other places, software developers and those seeking assistance from HKCERT. Upon receipt of such information, HKCERT will conduct technical analysis and risk assessment, and collate the findings into a clear and simple alert for dissemination to the public. The alert will include a summary of the incident, relevant preventive and remedial measures, as well as technical recommendations. The aim is to help the public understand the development and impact of the incident so that effective preventive and remedial actions can be taken. Normally, HKCERT can issue such alerts within three hours upon receipt of the information.
(c) HKCERT keeps under review the operation and effectiveness of its mechanism for disseminating security alerts to the public with a view to introducing improvements. One such improvement introduced recently is the free short message alert service launched this January. In addition, the Information Technology Services Department (ITSD), the Hong Kong Police Force (HKPF) and HKCERT are planning to set up a 24-hour notification system in order to more closely exchange intelligence, monitor developments and disseminate alerts on computer virus and information security incidents.
(d) The Government takes computer virus attacks seriously. We have been tackling the problem by stepping up public education and preventive measures, disseminating information, providing support services, carrying out follow-up action and conducting review. The HKCERT, established by the Hong Kong Productivity Council with funding from the Innovation and Technology Fund, coordinates the handling of local information security incidents. It receives incident reports, deals with requests for assistance, gives recommendations on recovery and remedial measures, and offers other support services. It also closely monitors the information security situation in other places and disseminates timely alerts to remind the public of the need to enhance preventive measures. Cases involving computer crime will be investigated and followed up by HKPF. ITSD and HKPF, in collaboration with international and local information security experts, also monitor the latest developments regarding computer virus and its possible impact on Hong Kong, and review existing preventive measures.
ITSD, HKPF and HKCERT will continue with their efforts to strengthen public education and the various support services. The objective is to raise public awareness of computer virus attacks, enhance their capability to deal with such attacks, and reduce the possible impact of computer virus attacks on Hong Kong.
Wednesday, April 2, 2003
- END -