Collaboration sought on network security
Government chief information officer Howard Dickson is seeking increased government and industry collaboration to address growing computer network security issues.
Mr Dickson, Hong Kong's information technology tsar, kicked off the second annual Integrated Security Conference and Expo last Thursday with a call to raise the awareness of consumers and businesses against spam, spyware, viruses and other online security threats.
'We used to have time to fix things, but not any more,' Mr Dickson said, noting that both public and private sectors relied more and more on integrated networks which were being disrupted by frequent cyber attacks.
'The government must work with industry and others for security issues to have any effect,' he said. 'We are going to need partnerships and education.'
His agency, the Office of the Government Chief Information Officer, and the Security Bureau jointly oversee a Baseline Information Technology Security Policy that all Hong Kong government bureaus and departments follow.
Mr Dickson pointed out that the government was also pushing for the creation of an anti-spam law to contain the growing threat from all types of unsolicited electronic mail.
'We are working on this anti-spam legislation,' he said. 'You can't do anything about [this problem] if it is not illegal.'
Spam activity has risen dramatically worldwide. A recent report from information security giant Symantec said spam had increased from an average 800 million junk messages a week to more than 1.2 billion messages a week by December last year. The government's legislative action formed part of a basket of measures planned to combat all unsolicited messages proliferating on the internet, mobile phone networks and fax systems.
Alan Fung, national director for China of the Information Systems Security Association (ISSA), the world's largest not-for-profit umbrella organisation for security professionals, said remote access and wireless connections had increased the number of security weaknesses that their members must deal with every day.
'That complexity represents a large challenge,' Mr Fung said in his conference keynote speech. 'We formed this alliance because of the increase in attacks.'
The ISSA has more than 13,000 members in nearly 100 chapters around the world. Its primary goal is to promote management practices that will ensure the confidentiality, integrity and availability of information resources.
Mr Fung said the time to react to dangerous threats was getting slower, as networks move digital data faster than before.
The threat landscape has also expanded from the use of technologies such as internet messaging, and peer-to-peer file-swapping. Another major security challenge for many large enterprises involved compliance with new the United States financial reporting law called the Sarbanes-Oxley Act.
Sarbanes-Oxley compliance, with emphasis on its Section 404, is being enforced to protect investors and shareholders by ensuring the integrity of financial reporting and forcing corporate officials to take full responsibility for public disclosures required under the law. There is, however, considerable question of the law's implications for corporate information security.
Security experts have found that provision required publicly traded companies to employ information security to the extent necessary to ensure the effectiveness of internal controls over financial reporting. It also affects Hong Kong and mainland firms, as they must conform to the strict transparency requirements with which their US business partners or clients are subject to.