Security of computer systems in primary and secondary schools
Following is a question by the Hon Ng Leung-sing and a written reply by the Secretary for Education and Manpower, Professor Arthur K C Li, in the Legislative Council today (February 26):
It has been reported that security loopholes are present in the computer systems in over 20% of the primary and secondary schools and such systems are therefore vulnerable to hacking and stealing of the data stored therein. In this connection, will the Government inform this Council:
(a) of the number of cases reported to the authorities over the past two years in which computer systems in primary and secondary schools ere hacked, and the details of such cases including the losses incurred;
(b) whether it has issued security guidelines to schools concerning the storing of information in computer systems; if so, of the relevant details and the way to monitor their compliance by schools; if not, the reasons for that; and
(c) whether it plans to step up the training for teachers to know the security issues relating to the storing of information in computer systems; if so, of the details?
(a) Over the past two years, six schools reported to the Education and Manpower Bureau (EMB) over suspected hacking of their school computer systems. In these cases, the hackers were said to have attempted to intrude into other systems on the Internet through the school computer systems. There was not any damage to the computer systems and the data stored within. The schools had not suffered any financial loss, but only a brief suspension of their Internet services. They have already stepped up security measures in collaboration with the Internet service providers to prevent further attacks by hackers.
(b) On January 2, 2002, we issued the "Guidelines on IT Security in Schools" to assist schools in formulating information technology (IT) security policies and standards for their computer systems. Five sets of reference materials on IT security have also been compiled for schools since January 2002, with a view to enhancing the awareness of schools on this issue. As to monitoring measures, our officers pay regular visits to schools to promote IT education. They also provide on-site support, assistance and advice to schools if necessary.
(c) We organise various activities including seminars and workshops to enhance the awareness of schools in computer system and network security. There have been joint seminars on IT security in schools with professional bodies like the Hong Kong Institute of Engineers to provide schools with a better understanding of the possible illegal activities on their Local Area Network systems. Seminars on network security have also been organised for the principals and IT coordinators of primary and secondary schools to brief them on the application of computer network security software (e.g. firewall) and related guidelines. From December 2002 to May 2003, five IT security workshops have been planned by the EMB's Centres of Excellence on IT in education to brief schools on the security in computer networks. A web page has also been set up at HKeducationCITY.net, providing schools with up-to-date information on IT security. We will continue to organise various activities such as seminars and workshops to promote knowledge of IT security in schools.
End/Wednesday, February 26, 2003