LCQ3: Government's network security protection
Following is a question by the Dr Hon Elizabeth Quat and a reply by the Secretary for Commerce and Economic Development, Mr Gregory So, in the Legislative Council today (October 22):
It has been reported that on the first day of this month, an international hackers' group declared cyber war codenamed "Operation Hong Kong" and threatened to hack, in a joint effort with hackers around the world, into the web sites of the Hong Kong Government and make public the Government's confidential information and personal data of officials. The group also announced a few tens of web sites as the targets of their attacks, which included those of the Hong Kong Police Force, Department of Justice, Customs and Excise Department, certain local media organisations and the Hong Kong Exchanges and Clearing Limited. Subsequently, there were reports about local web sites being attacked by hackers leading to temporary suspension of their network operation. In this connection, will the Government inform this Council:
(1) whether it has examined the modus operandi used by the aforesaid hackers' group for launching cyber attacks and the economic losses caused by such attacks; if it has, of the details; if not, the reasons for that;
(2) whether the authorities have comprehensively reviewed and enhanced the cyber security measures of various government departments since the declaration of cyber war by the hackers' group; whether they will take measures to ensure that public and private organizations, including individuals, will be protected from attacks by local or overseas hackers; if they will, of the details; if not, the reasons for that; and
(3) whether it has investigated if the hackers' group has any direct or indirect connections with overseas governments or organizations; if it has conducted such an investigation, of the outcome?
We all along put heavy emphasis on network security protection. The Office of the Government Chief Information Officer (OGCIO) has formulated comprehensive information security policies, procedures and guidelines for compliance by bureaux and departments (B/Ds) to protect Government information systems. Various technical solutions and security measures, including the installation of anti-virus software, firewalls and intrusion detection and prevention systems, have been deployed to mitigate security threats and malicious attacks from hackers to enable normal operation of Government information systems. OGCIO is also closely monitoring Government network systems so that immediate measures can be taken as and when necessary.
Generally speaking, information reveals that attacks from the hacker group fall into three categories: (i) web defacement; (ii) distributed denial-of-service (DDoS) attacks; and (iii) intrusion into network systems to steal data. In respect of web defacement, attackers exploit vulnerabilities of web servers to implant unauthorised content. For DDoS attacks, attackers launch attacks against targeted systems using computers from different sources simultaneously, and affect the web service of the targets by consuming their network bandwidth and server resources. For network system intrusion, attackers gain access to network systems by exploiting their system vulnerabilities to steal data such as personal data of registered website users.
Regarding the three-part question asked by Dr Hon Quat, my response is as follows:
(1) The Government was aware that the hacker group had recently attempted to attack some Government websites, making these websites slow in operation by significantly increasing their traffic. OGCIO worked with relevant departments to take appropriate measures to block the intrusion and get the websites back to normal operation as soon as possible. The hackers' attacks have not caused significant impact on e-Government services, and Government network systems and websites have not been compromised or defaced.
Besides Government websites, OGCIO and the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) also maintain close contacts to monitor the overall situation of network security in Hong Kong. HKCERT is providing computer incident response related service to the local Internet community. When HKCERT discovers that some websites are potentially under cyber attacks, it will contact the affected organisations to look into the situation and provide professional advice and relevant assistance.
Although individual local websites had come under hackers' attacks, we understand that such attacks did not have significant impact on Hong Kong's economic activities.
(2) With regard to cyber security, all Government B/Ds are following the standing information security policies, procedures and guidelines to protect Government information systems. Since the hacker group declared that it would start the cyber attack, OGCIO has immediately contacted and reminded B/Ds to examine their network security measures, strengthen defence, activate relevant contingency plans, as well as closely monitor the situation to ensure normal operation of Government computer systems. We will continue to take appropriate measures to protect Government websites, e-services and data.
Besides, we also collaborate closely with relevant stakeholders (including the Hong Kong Police Force, HKCERT, Internet service providers and business partners) to address the cyber attacks. Any organisation (including individuals) may contact HKCERT directly for enquiries or reports on security incidents. Upon receipt of enquiries or incident reports, HKCERT will provide advice and support on IT security matters to those seeking help, and assist them in fixing the vulnerability and taking measures to guard against cyber attacks.
(3) According to my understanding, the Police are still investigating the related cases. Police investigations so far reveal that the attacks launched by the hacker group partly originated from Hong Kong and partly from other regions outside Hong Kong.
Wednesday, October 22, 2014