Monday, September 21, 2009

Anti-Cyber Crime Efforts By Governments

What are governments doing to ensure that critical online operations remain operational when under attack from cyber criminals? FutureGov asked senior civil servants in Taiwan, Hong Kong, China and the Philippines to reveal how they are preparing their defences against hackers.

Hsiang-Chen Li, Director of Computer Centre, National Police Agency of Taiwan
Hacking in Taiwan gets more serious by the year. In 2008 the National Police Agency detected more attacks than in any other year – 4664, which is around three to four hacks a day. It is interesting to note that the age range of hackers in getting younger too. Almost one half of the hackers we know about in Taiwan are between the age of 12 and 17 years old, while the rest are between 18 and 23. The problem is allowed to get worse – and it will, most likely – because more people are using the internet in their daily and working lives. The average length of time Taiwanese spend on the internet is at least two hours each day, which leaves a lot of time for hackers to steal confidential information. They then sell it to criminal gangs, commit fraud or intimidate people with it. We started tackling the problem back in 1996. We created a Computer Crime Squad within the police department, and two years later all law enforcement units – including the district attorney – had a task force to handle internet crime. Also, the government established N-CERT and N-SOC in 2001 – initiatives to protect information infrastructure. We are also trying to connect with other countries since most hack attacks were launched from abroad.

Pang Yandong, Director of Information Industry Office, Government of Maoming City, China Information dissemination through web sites as a mean of promoting openness in government affairs is becoming increasingly important in China. And government portals are becoming a key platform for communication between government and citizen. But these platforms are magnetic for hackers. Our administrative web site in Maoming City has received many attacks at escalating cost in terms of disruption and down time. And they are using a variety of methods. Hackers hack into operating systems and expose vulnerabilities in control servers. They have been able to crack the system password, launch denial-of-service attacks, take over the server upload process and tamper with databases and page codes. We have been tackling the problem in the following ways. The first is to strengthen the information security system. Second, to increase user awareness of information security. This involves training network administrators regularly, so that we know how to cope with an attack. We also ensure that we have the most up-to-date security settings and that users change their passwords regularly. And in the event of an attack we record precisely how the hacker got through our system, and make notes on how we rectified the system – and how we might do it better next time.

Stephen Mak, Deputy Government Chief Information Officer, Government of Hong Kong Hacking remains one of the major threats that users and providers of IT should guard themselves against. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) monitors info-security threats in the community. According to them, there is no evidence of a growing trend in the number of hacking activities in Hong Kong, as compared to last year. On the other hand, web defacement and botnets are two of the major security threats. In April 2009, the Conficker worm caused a major threat to users by infecting victims’ computers and turning them into members of a global Botnet, without the users’ knowledge. In collaboration with the HKCERT, we have closely monitored the possible effects of the Conficker worm on Hong Kong and promptly advised computer users of its existence and how to protect against it. We monitor all incoming network traffic and carry out analysis of incidents. On discovering suspected attacks, appropriate action will be initiated. Government departments have implemented technical security measures, such as anti-virus software and intrusion detection system to monitor, detect and block potential attacks. We also keep systems up-to-date by applying the necessary patches and fixes. And we have also established incident response and business continuity plans to prepare for attacks.

Ray Roxas-Chua, Chairman, Commission on Information and Communications Technology, The Philippines Cyber attacks are increasing in sophistication and government can only try to keep up. One of our challenges in the Philippines is our lack of cybercrime laws to apprehend and prosecute cybercriminals. The Commission on Information and Communications Technology is pushing for the passage of an Anti-Cybercrime Bill patterned after the Convention on Cybercrime by the Council of Europe. We hope this can be passed prior to the presidential elections next year. The CICT, with help from the South Korean government, is in the process of setting up a National PKI (public key infrastructure) to ensure safer, more secure, reliable and trustworthy online transactions. It is a joint undertaking of the CICT, through the National Computer Center, and others. We hope that by setting up the PKI will help spur the growth of e-commerce and e-government applications by making Filipinos feel safer online.

No comments:

Related Posts Plugin for WordPress, Blogger...