Defences lacking in war against cyber bug
With the Stuxnet cyber superbug lurking across the border and causing concern for large industrial operations worldwide, it would be comforting to think that technologically savvy Hong Kong has its defences ready.
If it has, checks with various government departments that deal with such matters failed to find any evidence of this.
There are cyber experts in the police and the Office of the Government Chief Information Officer to combat computer crimes and internet threats, but none of them were prepared to admit responsibility for fighting an attack that might shut down the city's power plants and traffic systems.
And even if they do, the expert who advises the government on computer threats says there is probably not much they could do against Stuxnet, which has affected thousands of industrial plants and facilities through loopholes in the Microsoft Windows operating system and German engineering giant Siemens' control systems.
'Controlling systems of major industrial facilities are like a black box,' said Roy Ko Wai-tak, manager of the Hong Kong Computer Emergency Response Team Co-ordination Centre. 'Only the system's suppliers know how it works and what the loopholes are. It is highly exclusive and there is nothing outsiders can do.' The centre monitors internet security for the public and works with police and the information office to track major incidents in cyberspace - such as serious internet traffic jams.
The police commercial crime bureau investigates commercial crimes, and its counter-terrorism and internal security division deals with physical attacks, but neither is geared to deal with an attack in cyberspace.
The force's technology crime division, responsible for technology-related investigations and forensic examinations of computers, is the closest unit the police have to a cyber-attack repeller.
But an officer who did not want to be named said anything that involved a terrorist element should be the job of the force's security wing.
The Security Bureau said the government was committed to providing an effective and efficient response to all emergency situations which affected life, property and public security, but officials admitted privately they did not deal with computer crimes.
Unlike Britain and the United States, neither the mainland nor Hong Kong has an established multi-agency government structure that could co-ordinate various agencies to react quickly to cyber terrorism.
The Civil Aviation Department said it did not use any systems provided by Siemens, and an inspection of its air traffic control system had found that it did not allow the spread of the superbug, which Siemens says was first discovered at 15 sites in Germany in July. Major utilities including the MTR Corporation and CLP Power said their operation systems were safe because they were separated from external connections.
But Ko said this was not necessarily the case. 'The internet is not the only way for hackers to access the operation system, they could gain access to it by other channels, such as USB memory sticks.'
