Hong Kong Industry Pushes For Internet Emergency Response Team

The Internet business community in Hong Kong is pushing for a local version of Carnegie Mellon’s Computer Emergency Response Team (CERT), the American coordination center for all computer security incidents related to the Internet.

“A draft proposal was written and it is being reviewed before it will be submitted in late February,” said Chester Soong, secretary of the Hong Kong Internet Service Providers’ Association (HKISPA), and managing director of local provider Global Information Networks Ltd. “We hope to get the plan approved by middle of the year and start building the center in 3rd quarter this year.”

The Hong Kong version of CERT will have similar functions as the American model including central operational support for all computer security incidents between vendors and users, research and development of security tools and applications, and
education and training for organizations’ in-house security teams and to promote public awareness.

“The basic missions will be the same as CMU’s CERT CC,” Soong told Asia.InternetNews. “However, we will probably be more active in providing technical assistance and public awareness in IT security issues, since this is what Hong Kong is lacking.”

According to CERT’s proponents, it is needed in Hong Kong because of the Internet industry’s tremendous growth over the last few years. Individual Internet users have accumulated to over 600,000, not including the corporations that are online.

CERT’s backers in Hong Kong believe that the security risk factors increase as more and more corporations are using the public network to share and transmit information internally and externally.

According to the Hong Kong Police, the number of computer crimes in 1998 were double those that occurred in 1997.

“From the Chief Executive’s Report to Mr. K.C. Kwong’s Digital 21 Strategy, the direction to make Hong Kong the Internet hub and leading IT center in Asia has been emphasized over and over again,” added Soong. “Without a secure operating environment and a strong support to the industry, Hong Kong will not achieve these goals.”

Industry leaders want the Hong Kong Government to fund and implement the emergency response center. So far, however, the government has left it to the Internet industry to organize the CERT project.

“Europe, US, Singapore, Japan, and Korea all have similar organizations,” said Charles Mok, chairman of the HKISPA and general manager of HKNet Co Ltd. “This is something the government needs to implement as part of the infrastructure.”

“I am sorry to say that the Hong Kong government has the wrong idea about CERT. It thinks CERT helps only the Internet community,” commented Soong. “This was true ten years ago when it was first founded. But it certainly affects more than just Internet related incidents today.”

The government has not agreed to support the project by direct funding, but it will, according to Soong, consider using its Industry Support Fund (ISF). Moreover, the proposal is getting a positive response and written support from various government officials.