Speech by Mr. Stephen Mak, Acting Director of Information Technology Services at the 3rd e-Security Conference 2002 Hong Kong
30 - 10 - 2002

Honourable Sin, Distinguished Guests, Ladies and Gentlemen,

Good morning! It is my pleasure to be invited here today to speak at the 3rd e-Security Conference 2002 HK. Indeed, this is already the second time this year I was given the opportunity to address this Conference. I am very impressed by the continuous effort of the organisers in promoting information security here.

The Hong Kong SAR Government is committed to making Hong Kong a leading e-business community and digital city in the globally connected world. Information security is an important pillar to support the fast pace with which our e-business environment needs to develop.

Since 1998, when we published our first Digital 21 Strategy for IT development, we have made substantial progress on a number of information security related initiatives to facilitate the establishment of a reliable and secure environment for e-business to prosper. I should like to provide you with a snapshot of how we stand.

Our Electronic Transactions Ordinance was enacted in January 2000 to provide a clear legal framework to support the conduct of transactions electronically by businesses and individuals. In view of the fast changing environment in the e-business arena, the then Information Technology & Broadcasting Bureau completed a public consultation exercise in March/April this year to gather public input for the review of the Ordinance. They have collected 40 responses from a wide cross section of the community. This kind of public response is very encouraging and we are working closely with our Commerce, Industry and Technology Bureau colleagues on these comments and preparing for the proposed enhancements to the Ordinance.

We have established a security architectural framework through the provision of the Public Key Infrastructure and the Voluntary Recognition Scheme for Certification Authorities, which has greatly improved public confidence in electronic transactions. Since Hongkong Post established the first Recognized Certification Authority back in early 2000, it has already issued over 83,000 digital certificates to the public. Today, we already have four Recognised Certification Authorities, including the one operated by the Hongkong Post, to provide the public the choice and flexibility of services to different e-business requirements.

We also facilitated the establishment of the Hong Kong Computer Emergency Response Team Co-ordination Centre (HKCERT/CC) in February last year. HKCERT/CC has greatly enhanced Hong Kong's capability to respond to information security incidents. Last year (2001), HKCERT/CC has issued 156 security and computer virus alerts on its web site and handled more than a thousand (1,086) IT security related incident reports from the local public.

I would like to mention one of the important IT initiatives in Hong Kong - that is the replacement of some seven million identity cards with a Multi-Application Smart ID Card (or MASC in short) for our citizens. It will be one of the largest multi-applications smart ID card projects in the world.

The MASC employs sophisticated cryptographic techniques to protect users' data and to ensure that it cannot be fraudulently altered or accessed by unauthorized parties. It will provide a secure platform to facilitate the development of E-government and E-business.

The MASC will be progressively issued starting the middle of next year. Soon you will experience the benefits of the smart ID cards with improved protection on data security, data privacy and greater convenience.

We also adopt the biometrics identification technology on the card to pave the way for automated passenger clearance system in Hong Kong borders. Besides, the cardholders may choose at their option whether to include in their smart ID cards value-added functions, such as the library card function. The cardholders can also opt for a digital certificate free of charge for the first year to be embedded in the card, which will enable them to conduct electronic transactions in a secure manner over the open network.

With a smart card reader, the digital certificate of the MASC can be accessed from ESD kiosks, public computers at selected locations, and home PCs etc. for electronic transactions. We fully understand that with a critical mass of digital certificate holders, it is expected that a considerable demand for smart card readers for attachment to existing and new computers will be generated in Hong Kong. To gauge the supply situation of suitable card readers for supporting the MASC, we are conducting a survey on the availability of smart card readers in the market this month. Based on the information collected in the survey and further information of the Smart ID Card system development, we shall finalise the interface specification and make it publicly available. We believe this will facilitate the industry in producing or integrating appropriate smart card readers and enabling software to maximize the utilization of the cards when they are rolled out. It will also pave the way for wider adoption by the community. We believe the MASC has great potential to facilitate business sectors, public organizations and government departments to deliver electronic services in a more secure, efficient and cost-effective manner on a common and convenient platform.

Notwithstanding all the supporting facilities being put in place, we cannot rely solely on the efforts of the Government or the information security experts without the concerted efforts of the whole community. To develop a secure and reliable e-community, public education plays a key role through raising security awareness and promoting ethics.

During the past few years, we have collaborated with a large number of agencies in organizing promotional activities such as exhibitions, seminars and conferences to get the message across. We have also recently set up a new web site with a view to providing a one-stop portal to enhance the public's access to various information security related resources and updates. I appeal for your support to visit this portal site at "http://www.infosec.gov.hk", and to provide your valuable comments and suggestions to us to make it a really useful channel for increasing awareness and providing references and guidelines on security to the public. In addition, we are working with the Education Department on a programme on how to promote information security to teachers and students. Also, in collaboration with the Hong Kong Police Force and the HKCERT/CC, we shall be preparing an IT security handbook targeted at SMEs and individuals. The booklet is scheduled to be available by February 2003. We believe continuous collaboration amongst public and private sectors is essential in public education, promotion, as well as combating the growing problem and impact of information security.

To dovetail with the launching of the web site, we have also designed new posters and leaflets on information security for public consumption. Useful tips are given in the leaflets to advise the public on how to protect their computers from being attacked.

We have over 2.6 million Internet accounts. By any standards we are living in a highly interconnected information world. No single person or enterprise could be completely immune from information security attacks. It is indeed everyone's responsibility to help secure our information world. With nearly half of our households and 37% of business establishments in Hong Kong connected to the Internet, I'm sure you will agree that our efforts in enhancing e-security are worthy of our cause.

I am delighted to see events like this that provide the opportunity for all of us to exchange ideas and share the insight of our industry experts on information security. I am sure your participation in the conference will be a rewarding experience.

Finally, I would like to congratulate the organisers for successfully staging this important event again. I wish the e-Security Conference 2002 HK every success.

Thank you.

Please click here to download the presentation material. (923KB)

( To view and print the PDF document, you need to use an Adobe Acrobat Reader. Please click here to download if necessary. )

- END -