[ISN] How is government coping with cyber crime?

From: InfoSec News <alerts_at_private>
Date: Tue, 22 Sep 2009 03:05:34 -0500 (CDT)
http://www.futuregov.net/articles/2009/sep/22/how-government-coping-cyber-crime/

By Robin Hicks 
FutureGov
22 September 2009

What are governments doing to ensure that critical online operations 
remain operational when under attack from cyber criminals? FutureGov 
asked senior civil servants in Taiwan, Hong Kong, China and the 
Philippines to reveal how they are preparing their defences against 
hackers


Hsiang-Chen Li, Director of Computer Centre
National Police Agency of Taiwan

Hacking in Taiwan gets more serious by the year. In 2008 the National 
Police Agency detected more attacks than in any other year - 44, which 
is around three to four hacks a day. It is interesting to note that the 
age range of hackers in getting younger too. Almost one half of the 
hackers we know about in Taiwan are between the age of 12 and 17 years 
old, while the rest are between 18 and 23. The problem is allowed to get 
worse -nd it will, most likely – -cause more people are using the 
internet in their daily and working lives. The average length of time 
Taiwanese spend on the internet is at least two hours each day, which 
leaves a lot of time for hackers to steal confidential information. They 
then sell it to criminal gangs, commit fraud or intimidate people with 
it. We started tackling the problem back in 1996. We created a Computer 
Crime Squad within the police department, and two years later all law 
enforcement units – including the district attorney – had a task force 
to handle internet crime. Also, the government established N-CERT and 
N-SOC in 2001 – initiatives to protect information infrastructure. We 
are also trying to connect with other countries since most hack attacks 
were launched from abroad.


Pang Yandong, Director of Information Industry Office 
Government of Maoming City, China

Information dissemination through web sites as a mean of promoting 
openness in government affairs is becoming increasingly important in 
China. And government portals are becoming a key platform for 
communication between government and citizen. But these platforms are 
magnetic for hackers. Our administrative web site in Maoming City has 
received many attacks at escalating cost in terms of disruption and down 
time. And they are using a variety of methods. Hackers hack into 
operating systems and expose vulnerabilities in control servers. They 
have been able to crack the system password, launch denial-of-service 
attacks, take over the server upload process and tamper with databases 
and page codes. We have been tackling the problem in the following ways. 
The first is to strengthen the information security system. Second, to 
increase user awareness of information security. This involves training 
network administrators regularly, so that we know how to cope with an 
attack. We also ensure that we have the most up-to-date security 
settings and that users change their passwords regularly. And in the 
event of an attack we record precisely how the hacker got through our 
system, and make notes on how we rectified the system – and how we might 
do it better next time.


Stephen Mak, Deputy Government Chief Information Officer
Government of Hong Kong

Hacking remains one of the major threats that users and providers of IT 
should guard themselves against. The Hong Kong Computer Emergency 
Response Team Coordination Centre (HKCERT) monitors info-security 
threats in the community. According to them, there is no evidence of a 
growing trend in the number of hacking activities in Hong Kong, as 
compared to last year. On the other hand, web defacement and botnets are 
two of the major security threats. In April 2009, the Conficker worm 
caused a major threat to users by infecting victims’ computers and 
turning them into members of a global Botnet, without the users’ 
knowledge. In collaboration with the HKCERT, we have closely monitored 
the possible effects of the Conficker worm on Hong Kong and promptly 
advised computer users of its existence and how to protect against it. 
We monitor all incoming network traffic and carry out analysis of 
incidents. On discovering suspected attacks, appropriate action will be 
initiated. Government departments have implemented technical security 
measures, such as anti-virus software and intrusion detection system to 
monitor, detect and block potential attacks. We also keep systems 
up-to-date by applying the necessary patches and fixes. And we have also 
established incident response and business continuity plans to prepare 
for attacks.


Ray Roxas-Chua, Chairman, Commission on Information and Communications 
Technology, The Philippines

Cyber attacks are increasing in sophistication and government can only 
try to keep up. One of our challenges in the Philippines is our lack of 
cybercrime laws to apprehend and prosecute cybercriminals. The 
Commission on Information and Communications Technology is pushing for 
the passage of an Anti-Cybercrime Bill patterned after the Convention on 
Cybercrime by the Council of Europe. We hope this can be passed prior to 
the presidential elections next year. The CICT, with help from the South 
Korean government, is in the process of setting up a National PKI 
(public key infrastructure) to ensure safer, more secure, reliable and 
trustworthy online transactions. It is a joint undertaking of the CICT, 
through the National Computer Center, and others. We hope that by 
setting up the PKI will help spur the growth of e-commerce and 
e-government applications by making Filipinos feel safer online.



________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Tue Sep 22 2009 - 01:05:34 PDT

This archive was generated by hypermail 2.2.0 : Tue Sep 22 2009 - 01:26:25 PDT