Proactive approach to promote awareness of information security
May 22, 2000
Information security is an important issue to tackle if Hong Kong strives to nurture the development of electronic commerce in the digital and globally connected world, Deputy Secretary for Information Technology and Broadcasting, Mr Alan Siu, said today (May 22).
He was commenting on reports of virus attacks and hacking on networked computer systems following the rapid growth in the use of computers, Internet access and electronic commerce.
Mr Siu said that Hong Kong already had in place an effective mechanism for handling information security-related incidents, such as tackling computer viruses within Government, disseminating relevant information to the public, and running educational and promotional activities to enhance the public's awareness of information security.
"Considering the increasing popularity of computer usage in the community, the Government, partnering with other relevant support organisations and industrial association, will step up the educational and promotion efforts on public's awareness of information security," he said.
The Director of Information Technology Services, Mr Lau Kam-hung, said the Government has placed great emphasis on the security of its computer network and in particular on the use of the Internet.
The Government has adopted a four-prong approach in tackling IT intrusion in the Government computer network, namely -
- establishment of IT security policy guidelines for adoption by Government departments;
- installation of security devices, including hardware, software and the adoption of security procedures. These include the development of an in-house Central Internet Gateway system to enable Government users to gain secure access to the Internet through a centrally managed gateway;
- continuous monitoring and control of all incoming network traffic with automated tools. These tools enable us to perform log analysis on incidents and to take action or give alert on any suspected attack; and
- regular review and assessment on our exposure to security risks. System administrators in Government departments are required to perform periodic security assessment and auditing to verify and improve the security level of all Government network systems on an ongoing basis.
Mr Lau said the Information Technology Services Department (ITSD) had regularly issued guidelines and provided up-to-date information on computer viruses. Government bureaux and departments have also been advised to install anti-virus software to protect personal computers and networks; apply up-to-date virus signature files; and scan files attached to e-mails with an up-to-date anti-virus programme before use.
In addition, the ITSD closely monitors information on computer security made available by international and local organizations to keep abreast of trends in computer security attacks and the solutions available against them, and organizes seminars on IT security for the public to promote awareness of information security.
"To increase public awareness on computer virus, ITSD has posted anti-virus information on the department's and Government Information Centre websites for access by the public. Free anti-virus tools are also available for downloading," Mr Lau said.
"The ITSD will give virus warning to alert the public through the media and its web site.
"ITSD will also publish leaflets on IT security to be distributed to the public and to subscribe articles to newspapers on IT security. We shall include IT security as a promotional theme when we participate in various exhibitions and shows," Mr Lau said.
Mr Siu said the Government supported the establishment of a CERT (computer emergency response team) in Hong Kong to provide a centralized contact on computer incidents reporting and responses to local enterprises and Internet users in case of network security incidents.
"Prevention of information security risks however should not be the sole responsibility of the Government but requires close collaboration of the industry and IT players. The Government would facilitate the establishment of a local CERT to be operated by a non-profit making body.
"Given the rapid development of IT, in particular the Internet, it is essential that the CERT should be able to flexibly and responsively respond to market demand and changes, and to tap external expertise where necessary. Private sector involvement will enable a more responsive, efficient and effective mode in the delivery of CERT services," he added.
The Hong Kong Productivity Council (HKPC), together with the Hong Kong University of Science & Technology, has submitted a proposal to the Innovation and Technology Fund (ITF) to launch an education and training programme to raise public awareness on computer security problems and to examine the mode of operation of CERT overseas.
The proposal aims to pave the way for setting up a CERT in Hong Kong. The relevant ITF vetting Committee has recommended the proposal for funding approval. An announcement of the funding decision will be made soon.
Mr Siu noted that the HKPC intends to set up a CERT in Hong Kong within this financial year and is making arrangements for partnering with major IT security vendors in the provision of information relating to security risks.