HK 'lacks a plan' to repel cyber attacks

PUBLISHED : Thursday, 13 August, 2009, 12:00am
UPDATED : Thursday, 13 August, 2009, 12:00am

Hong Kong lacks a comprehensive plan for monitoring the risk of cyber attacks and defending against them, an internet security expert has warned.

Roy Ko Wai-tak, manager of the Computer Emergency Response Team Co-ordination Centre, said the city needed a high-level body to monitor the risks to both the public and private sectors and set up contingency strategies.

He voiced his concern a month after a wave of attacks struck at least two dozen internet sites in South Korea and the United States, including that of the White House. Some South Korean websites had to shut down for three days.

The origins and motives of the hackers, who tried to jam the websites by overwhelming their data capacity, remain unknown.

Mr Ko, who monitors cyber security incidents in Hong Kong, said such an attack could target the city one day. There had been local cases in which cyber criminals had targeted e-banking users, but attacks could also be politically driven, he said.

'Given Hong Kong's close ties with the mainland, we should not rule out the possibility that some anti-China groups might launch cyber attacks against the city,' he said.

Mr Ko said he was worried about the city's lack of planning in the face of such attacks, noting that the impact on Hong Kong-based electronic commerce could be huge. 'I reckon our preparations for such attacks are inadequate,' he said. 'If our critical information infrastructure - such as the websites of the financial sector - come under attack, we might not be able to make responses and resume the orders swiftly.'

He said South Korea had a 200-strong agency to tackle the threat of cyber warfare, while Singapore had set out a detailed strategy in case of an attack. His centre employs just seven staff to monitor Web security.

Lawmaker Samson Tam Wai-ho, representing the information technology sector, said more resources were needed to strengthen the city's capability to detect malicious internet activities.

A spokeswoman for the Office of the Government Chief Information Officer said it liaised regularly with the government-funded centre, the police and internet services providers to tackle emerging cyber attacks.

The centre reported 532 security attacks in the first seven months of this year, up 15 per cent on the same period last year, with 339 cases involving hacking and 188 involving phishing sites - which seek to hijack a computer user's identity.

Mr Ko said most reports involved personal computer users.