Information Security Summit 2005
Forensically Sound Information Security Management in a Risk Compliance Era
Keynote Opening Address by Mr. Howard C Dickson, Government Chief Information Officer, Government of the Hong Kong Special Administrative Region
8 November 2005

Distinguished Guests, Ladies and Gentlemen, Good morning. I have great pleasure to be invited to address you at the Information Security Summit 2005 this morning.

Beware of: Cyber Security Threats
- Computer Viruses
- Spyware
- Phishing
- Scam
- Botnet
- Ransom
- Fake Website
- Credential Theft
- and new tricks
- 140,000 Viruses since 1986

Nowadays, people seldom question the benefits of using the Internet for communication and doing business. Business executives are now concerned about the rising trend of cyber security threats such as computer virus attack, spyware, phishing, scam, botnet, ransom, fake website, credential theft and other tricks. Since the first virus was discovered in 1986, more than 140,000 viruses have been found exploiting software vulnerabilities and disrupting computer networks and systems worldwide. At the same time, hackers keep finding ways to intrude into networks and computer systems, implant unwanted program codes in victim computers or hijack Internet access to bogus websites. IT executives are angry at spyware that leaks out their company information stealthily, or slows down their systems.

Spam Nuisance
- Email, Fax, SMS/MMS, Telephone Call, etc.
- 67% of Email Traffic
- Unsolicited Mobile Phone Calls

Internet users also face rising intrusive spam nuisance. Spam is disseminated in various forms, such as email, fax, SMS/MMS and telephone call. In September, the global ratio of spam in email traffic was 67%. There is also a rapid rise in unsolicited mobile phone calls where the recipients have to pay for taking such nuisance calls.

Cyber Crimes
- 560 Cases in 2004 in HK
- Including:
  - Hacking
  - Obscene Articles
  - Criminal Damage to Data
  - Internet Shopping Fraud

The increase of cyber crimes is another concern. In Hong Kong, computer related crimes have climbed from 34 cases in 1998 to 560 cases in 2004. These crime cases include hacking, publication of obscene articles, criminal damage in relation to data, and Internet shopping fraud. Is the cyber space so unfriendly? My answer is "Certainly Not". Instead of viewing these threats as impediments to moving into the information age, we should treat them as reasons for having a good information security posture so that we can continue to reap the benefits of the Internet era.

Cracking down Cyber Crimes
- Robust ICT infrastructure
- Security Policy and Measures
- Computer Forensics Facilities
- Expertise
- Collaboration

Over the past years, the Government has taken successful steps to establish a robust ICT infrastructure to facilitate the conduct of electronic commerce in Hong Kong. Today, we have a robust Internet infrastructure with many excellent Internet service providers as well as an emergency response support mechanism. To safeguard our information systems, computer users have to implement effective measures to guard against various types of cyber attacks. It is advisable for businesses to formulate a set of security policy, guidelines and good practices. In our fight against cyber crimes, the Government has established computer forensics facilities, developed expertise and collaborated with the industry, which has enabled the successful crackdown of many cyber crime cases in recent years.

The STEPS Anti-Spam Campaign
Five Key Initiatives of STEPS:
- Strengthening Existing Regulatory Measures
- Technical Solutions
- Education
- Partnerships
- Statutory Measures

Realizing the damaging effects of spamming activities, the Government has launched a campaign entitled STEPS to fight the spam epidemic. STEPS tackles the spam problem by means of five key initiatives. They are Strengthening Existing Regulatory Measures, Technical Solutions, Education, Partnerships and Statutory Measures. Before the anti-spam law is put in place, the Government is seeking telephone operators' cooperation in providing their customers with services to filter unwanted promotional telephone calls. It is important to appreciate that Information Security is about people, process and technology, with the latter contributing about 20%. Incidents such as Web Defacement, Denial of Service, Hacking and Virus Attack will occur on the Internet because this is the nature of doing business in an open environment.

Cyber Security for MC6
- High Profile International Event to be held in Hong Kong between 13-18 December
- Cyber Security an Issue
- Must ensure high standard of information security to Protect, Detect, React and Restore
- Respond to Security Incidents
- Execute Contingency Plans

Government has taken serious steps to ensure cyber security for the MC6 to be held between 13th and 18th December. The best practices and effective mitigation measures to combat against large scale cyber attacks are to get prepared and practise responding to such incidents through tabletop or mock exercises. Loopholes discovered are corrected quickly. We train our folks and have them ready to counter malicious activities. If necessary, business continuity plans will be activated to provide service through alternate means. Our top priority is to minimize the impact on operations by isolating the incident and blocking the attack so that the MC6 as well as the Government's operation can continue. To ensure maximum information security in the community, the Government is currently working together with the major Internet Service Providers to develop guidelines and procedures for responding to the various cyber attacks. We will ensure proactive public affairs to update the public and manage their expectations.

Public Education and Awareness
- InfoSec Website (www.infosec.gov.hk)
- Education Programmes
- Promotion Campaigns

To facilitate the development of a reliable and secure e-community, we need the concerted efforts from everyone in our community and be a good citizen of the cyber world. Government is committed to raising public awareness and promoting ethics on information security through launching the InfoSec website (www.infosec.gov.hk), education programmes and promotion campaigns.

Hong Kong Clean PC Day
- Clean your PCs on 25 November 2005
- Scan your PCs with Anti-virus Software
- Protect your PCs with Personal Firewall
- Apply Security Patches

We have set 25 November 2005 as the Hong Kong Clean PC Day to arouse the community on the importance of information security and how to protect their information from cyber attacks. You are cordially invited to participate in this meaningful campaign. Please visit the OGCIO website to find out more details.

For Your Concerted Efforts to Ensure Cyber Security

I wish the Summit a great success. Thank you.