Update on information security
Overall situation of information security
Referring to the Administration’s statistics on the security incidents and technology crimes, Mr CHAN Chun-ying noted that the Hong Kong Computer Emergency Response Team Coordination Centre (“HKCERT”) received 10 081 security incident reports in 2018, the majority of which belonged to one of the three main categories, i.e. botnet (3 783 cases), malware (3 181 cases) and phishing (2 101 cases). Meanwhile, the Hong Kong Police Force (“HKPF”) recorded a total of 7 838 technology crime cases. He enquired about the difference between the two sets of statistics compiled by HKCERT and HKPF and whether there was overlap between them. Mr CHAN also queried why HKPF had not published statistics on hacker intrusion as HKCERT had
S for IT said that the number of cases reported in HKCERT’s statistics were “security incidents” which might or might not involve a crime as defined in the law. Government Chief Information Officer (“GCIO”) advised that there might be overlap in HKCERT and HKPF’s statistics. For example, among the 47 hacking activities recorded by HKPF, some involved hacker intrusion/web defacement incidents handled by HKCERT which might be included in the latter’s statistics. He added that some of the security incidents such as malware attacks were referred to HKCERT by its overseas counterparts rather than being reported by victims.
Mr CHAN Chun-ying noted that HKPF recorded three e-banking fraud cases in 2018. He enquired about the difference between those cases and other online fraud cases. GCIO responded that the three cases under the category of “e-banking fraud” were related to e-banking sector directly.
Technology Voucher Programme
Mr CHAN Chun-ying asked how much of the subsidies granted under TVP were used by SMEs in improving information security, whether SMEs had the knowledge and expertise of purchasing the right information security solutions that suit their needs, and whether they had difficulties in coming up with the fund to match the subsidies from the Government under TVP.
S for IT indicated that TVP had demonstrated to be useful to support SMEs in using technological services and solutions to improve productivity, upgrade or transform business processes and enhance information security. GCIO added that the TVP Committee had received about 1 000 applications so far, of which about 130 applications related to information security were approved, representing a seven-fold increase over last year. It was evident that there were more SMEs making applications under TVP to improve security of information systems.
Measures to tackle cyber security threats in Government
Mr CHAN Chun-ying pointed out that many commercial organizations engaged hackers to test the robustness of their systems. He asked whether the Administration would adopt similar measures to identify areas of improving its security system. S for IT confirmed that the Government had conducted ethical hacking on its systems and, at the same time, conducted risk assessments on a regular basis and implemented multiple layers of security measures, including firewalls, intrusion detection and prevention systems
Human resources in information security
Mr CHAN Chun-ying noted that the Administration had introduced the Technology Talent Admission Scheme to expedite the admission of technology talent to undertake research and development activities in Hong Kong. He asked what other measures the Administration would implement to attract overseas information security talent to work in Hong Kong. GCIO responded that the first Talent List of Hong Kong included 11 professions, including experienced cyber security specialist, who could contribute to the development
Public awareness and education
As regards the progress of the second round of cyber security campaign launched by HKPF in 2018, Mr CHAN Chun-ying enquired about (a) the number of downloads of mobile anti-virus and scanning software; (b) whether the feedback from members of the public was positive; and (c) whether, upon the completion of the campaign, the Administration would continue to provide free malware cleaning and removal tools for the public to protect their mobile devices. GCIO advised that HKPF would continue with the on-going efforts in raising public awareness in protection of mobile smart devices. He undertook to ask HKPF to provide information requested by Mr CHAN after the meeting.
Digital terrestrial television – analogue switch-off
Digital terrestrial television assistance scheme
Mr CHAN Chun-ying and Mr Alvin YEUNG surmised that the 180 000 households who still used analogue TV sets were mostly financially in need. They asked why there were 20 000 of these households who might not be eligible for assistance under the Scheme. Mr CHAN also asked what qualified for a “basic model digital TV set” under the Scheme.
Permanent Secretary for Commerce and Economic Development (Communications and Creative Industries) (“PS(CCI)”) said that, according to a survey conducted in late 2017, about 180 000 households were estimated to be receiving analogue TV services only. According to the survey, respondents who had not switched to digital TV services cited different reasons, and not necessarily due to a lack of means. For example, some chose to keep their old analogue TV sets because they seldom watched TV, some said that their TV sets were still functional, while others said that they usually watched TV programmes online using computers or mobile devices.
PS(CCI) added that under the Scheme, eligible households would receive assistance to either replace their analogue TV set with a basic model digital TV set or install a “set-top” box to their existing TV set. The Administration would consult the CCF Task Force and Commission on Poverty (“CoP”) on the implementation details, including the specification of a “basic model digital TV set”.