Computer emergency center opens in HK

The Hong Kong government last week launched the Computer Emergency Response Team (CERT) in a bid to coordinate computer security issues in this Special Administrative Region of China.

The CERT was launched with HK$10.7 million (A$2.45 million) from the government's Innovation and Technology Fund and will be operated by the Hong Kong Productivity Council (HKPC). The organization's mission is to "collect information relating to computer security such as (the) latest viruses, security (weaknesses) and countermeasures, and disseminate (them) to the public," according to K.T. Yung, general manager, Information Technology Division of HKPC.

Last May, when the "I Love You" virus hit town, Hong Kong was found wanting of a central body to issue warnings and advise local users. The CERT will plug this gap, according to Thomas Tang, executive director of HKPC.

"(CERT) aims to provide a centralized contact on computer security incident reporting and response for local enterprises and Internet users. In addition, the center will coordinate computer security response and recovery actions, identify and analyze vulnerabilities and take preventive measures against security threats," Yang said.

A Web site,, and a newsletter containing security-related information, such as checklists and alerts, will be the CERT's main channels for informing the public of computer security issues. CERT will also organize awareness and training programs to improve public understanding of the issues, according to HKPC's Yung.

To answer public inquiries on computer security, CERT operates a hotline at +852-2788-6060 around the clock to address emergency needs, Yung said. In the case of a virus outbreak the center will then alert the public to the threat via the media, he added.

Yung noted, however, that for reports that might be connected to criminal offenses, the CERT will advise affected parties to report these matters directly to the police.

The government's move in setting up the CERT has been generally applauded by industry players.

"It is absolutely necessary to have a CERT in Hong Kong, it will provide a (vital) coordination role and will act as a trusted source of information and alerts for the Internet-using public and organizations," said Allan Dyer, chief consultant, Yui Kee Computing, a Hong Kong-based anti-virus consulting firm.

"This is certainly good news for the local business community," said Roger Chung, Asia-Pacific regional product marketing manager of anti-virus vendor Symantec, which holds seats on the advisory board of the CERT.

"There's a place that people can turn to for help. ... The most important thing is that the center is neutral and thus can give independent advice to those in need," Chung added.

The timing of CERT's arrival and the target audience it serves did meet with some criticism.

"The biggest criticism is that (the government) didn't start early enough. We need a CERT to be a regional IT hub," said Dyer. "Some people were talking about setting up a CERT four or five years ago, but they couldn't get funding. (Singapore's) CERT was founded in 1998. The original CERT coordination center was founded 11 or 12 years ago," he added.

Daniel Lai, chairman of the Hong Kong Computer Society, welcomed the establishment of CERT, but was concerned that its focus was on the needs of the small and medium-sized enterprises (SMEs) only. Large companies, Lai pointed out, often suffer from bigger losses in the case of computer security-related incidents.

Lai suggested that the CERT should work to build up a network between enterprises with large IT operations in Hong Kong to foster information exchange between the companies and the center.

"These larger enterprises often have a high level of expertise in dealing with security issues which CERT can tap into," Lai said.

Symantec's Chung, however, argued that even if CERT caters more to the needs of SMEs, this direction is correct.

"Most of the companies in Hong Kong are SMEs and (they) usually don't have the in-house expertise and know-how to handle IT issues. They're the ones that needed this service most," Chung said.