Publications and Press Releases - Speeches and Presentations

Office of the Government Chief Information Officer, The Government of the Hong Kong Special Administrative Region

	Publications and Press Releases > Speeches and Presentations

Speech by Mr. John S C Wong, Assistant Government Chief Information Officer, at the "Opening Ceremony of the APCERT Conference 2008"
12 March 2008

Mr. Yung, Ms Othman, Honourable Guests and Delegates, Ladies and Gentlemen,

Good morning. To our guests and visitors from overseas, welcome to Hong Kong. I am honoured to be invited to deliver the opening speech at the APCERT opening ceremony. This is a valuable opportunity with such a large learned audience gathering to share expert knowledge and experience on information security and incidents response.

Introduction

2007 was a hectic year for information security. There were quite a number of major international cyber security incidents, some of which involved large volume data breach, national security or significant financial blunder.

To recall some of them, the discount retail chain TJX had reported loss of 45.7 million customer records; a Swedish security researcher had exposed some 100 email credentials of embassies and political parties on the Internet; the confidential information of 1.3 million job seekers had been stolen from the online job site Monster.com; the UK Government department, HM Revenue & Customs had reported the loss of two discs containing 25 million records pertaining to the child benefit database; the Baltic nation of Estonia was seriously attacked by denial of service on the Internet that had crippled its government operation.

Each one of these incidents had led to disruptions of varying degree to business and personal activities, as well as hampered people's desire to use the electronic mode for communication and doing transactions.

In 2008, we are going to have a busy time making preparations for some big events. The well known ones are the 2008 Olympics in China and government elections in some countries. These events and their Web sites and reference resources are potential targets for physhing, frauds, spamming and various kinds of cyber crimes and attacks. Security advisors have warned that botnets will be more difficult to shut down and cause a significant increase of parasitic malware waiting for the time to attack. As a result, the number of computers infected by botnets will increase sharply in 2008. Furthermore, there is a trend of shifting from the classic teenage hacker to organized crime, hostile foreign governments and industrial espionage.

Risk Exposures

As we know, the current Internet environment is characterized by an increase in data theft, data leakage, and the creation of targeted, malicious code for the purpose of stealing confidential information that can be used for financial gain.

In particular, international public events bring an unusual level of risk as they attract a large volume of people who in themselves would add to burden on public infrastructure due to the demand for the ability to instantly communicate around the world through various telephonic/cyber centric means, both wired and wireless communications services. These events also frequently attract a counter culture who wish to gain visibility for a cause by disrupting major events thereby creating major embarrassment. The relative degree of exposure and sensitivity sensed by the host nation/city merely adds to the attractiveness of attack, particularly when the subject is a political one.

Security Preparedness

Modern societies expect an appropriate degree of emergency preparedness by their public administrators. To this end, we owe much to the good work of the Computer Emergency Response Teams (CERTS) around the world. CERTS primarily provide a centralized contact on computer and network security incident reporting and response for local enterprises and Internet users in case of security incidents.

With the explosive use of the Internet in people communication as well as business activities, CERTs are increasingly required to collaborate globally in order to perform their roles responsively and effectively.

CERT and APCERT Contributions

APCERT was established with the noble but practical aim to improve cooperation, response and information sharing among Computer Security and Incident Response Teams (CSIRT) in the Asia Pacific region. Many cross border activities and initiatives had been pursued over the years to enhance cooperation on information security among member economies.

One of the remarkable and successful programme is the annual regional drill to mimic a scenario of cyber attacks. In particular, the 2007 APCERT Drill simulated an attack trying to disrupt the upcoming Beijing 2008 Olympic Games. The participating teams had been able to test in that context their response capability in addressing cyber threats within the Asia Pacific economies and minimizing the impact.

Conclusion

In conclusion, we need to work together to understand and handle computer security incidents and to encourage proactive and preventive security practices among APCERT member economies.

In the conference today, you will hear the latest in cyber security trends and technology as well as interact with member colleagues and key industry and government leaders. In an increasingly connected society, building partnerships and strengthening relationships among the response community is essential to effective response coordination and collaboration

Finally, I want to thank HKCERT for organizing this event. I also wish you enjoy the conference that follows. For our oversea delegates, do stay behind to experience the different aspects of Hong Kong.

Thank you.

- END -

Top

2003

| Important notices | Privacy Policy

Last review date : 31 August 2008