Speech by Mr. John Wong, Assistant Director of Information Technology Services at the "From e-Government to e-Security Conference 2003"
27 - 02 - 2003
Ladies and Gentlemen,
Good morning! It is my pleasure to be invited here today to speak at this Conference. Indeed, I am very impressed by the effort of the organisers in promoting e-government and e-security in Hong Kong.
The Hong Kong SAR Government is committed to making Hong Kong a leading e-business community and digital city in the globally connected world. Information security is an important pillar to support the fast pace with which our e-business environment needs to develop.
Since 1998, when we published our first Digital 21 Strategy for IT development, we have made substantial progress on a number of information security related initiatives to facilitate the establishment of a reliable and secure environment for e-business to prosper. To keep abreast with the technology advancement and ride the new wave of the e-revolution, we have published an updated Digital 21 Strategy in 2001. I should like to provide you with a snapshot of how we stand.
Legal Framework
Back in 1993, through amending the Telecommunication Ordinance, Crimes Ordinance and the Theft Ordinance, we have provided the legal recognition and protection of electronic information and strengthen our legislation against computer related crime. And in early 2000, we enacted the Electronic Transactions Ordinance to provide a clear legal framework and giving electronic records and electronic signatures the same legal status as their paper-based counterparts, which greatly enhanced businesses and individuals・ confidence to conduct transactions electronically.
In view of the fast changing environment in the e-business arena, the then Information Technology & Broadcasting Bureau completed a public consultation exercise in April last year to gather public input for the review of the Ordinance. They have collected 40 responses from a wide cross section of the community. This kind of public response is very encouraging and we are working closely with our Commerce, Industry and Technology Bureau colleagues on these comments and preparing for the proposed enhancements to the Ordinance.
Other legislation such as the Personal Data (Privacy) Ordinance and the Copyright Ordinance are also examples of those solid legal framework to facilitate the development of a more secure and trustworthy electronic environment.
Technical Infrastructure
We have established a security architectural framework through the provision of the Public Key Infrastructure and the Voluntary Recognition Scheme for Certification Authorities, which has greatly improved public confidence in doing electronic business by enhancing the confidentiality, authenticity, integrity, and Non-repudiation aspects of electronic transaction.
Since early 2000 when Hongkong Post established the first Recognized Certification Authority for Hong Kong, we already have four Recognised Certification Authorities, including the one operated by the Hongkong Post, to provide the public the choice and flexibility of services to different e-business requirements.
Operation Support
We also facilitated the establishment of the Hong Kong Computer Emergency Response Team Co-ordination Centre (HKCERT/CC) in February 2001 which greatly improved Hong Kong・s capability to respond to information security incidents. Last year (2002), HKCERT/CC has issued 136 security and computer virus alerts on its web site and handled more than six hundred (602) IT security related incident reports from the local public.
Secure Facilities
I would like to mention one of the important IT initiatives in Hong Kong - that is the replacement of some seven million identity cards with a Multi-Application Smart ID Card (or MASC in short) for our citizens. It will be one of the largest multi-applications smart ID card projects in the world.
The MASC employs sophisticated cryptographic techniques to protect users・ data and to ensure that it cannot be fraudulently altered or accessed by unauthorized parties. It will provide a secure platform to facilitate the development of e-government and e-business.
The MASC will be progressively issued starting the middle of this year. Soon you will experience the benefits of the smart ID cards with improved protection on data security, data privacy and greater convenience.
We also adopt the biometrics identification technology on the card to pave the way for automated passenger clearance system in Hong Kong borders. Besides, the cardholders may choose at their option whether to include in their smart ID cards value-added functions, such as the library card function. The cardholders can also opt for a digital certificate free of charge for the first year to be embedded in the card, which will enable them to conduct electronic transactions in a secure manner over the open network.
We believe the MASC has great potential to facilitate business sectors, public organizations and government departments to deliver electronic services in a more secure, efficient and cost-effective manner on a common and convenient platform.
Community Awareness
Notwithstanding all the supporting facilities being put in place, we cannot rely solely on the efforts of the Government or the information security experts without the concerted efforts of the whole community. To develop a secure and reliable e-community, public education plays a key role through raising security awareness and promoting ethics.
During the past few years, we have actively collaborated with a large number of agencies in organizing promotional activities such as exhibitions, seminars and conferences to get the message across. We have also set up a new web site with a view to providing a one-stop portal to enhance the public・s access to various information security related resources and updates. The INFOSEC web site is specially designed with different sections for various groups of computer users, including students and youngsters, parents and teachers, information technology professionals as well as SMEs, allowing different users to effectively obtain information relevant to their own focus.
The web site features a lot of useful contents on information security, including security best practices, guidelines, and case studies; computer crimes and related legislation in Hong Kong, such as information theft, copyright infringement, Internet fraud, publishing of obscene and indecent articles etc.; as well as important news and events on information security, for example the latest computer virus alerts.
We have also recently launched an online user survey to collect public feedback and suggested improvement on the web site. I appeal for your support to visit this portal site at :www.infosec.gov.hk;, and to provide your valuable comments and suggestions to us to make it a really useful channel for increasing awareness and providing references and guidelines on security to the public.
Also, in collaboration with the Hong Kong Police Force and the HKCERT/CC, we shall be preparing an IT security handbook targeted at SMEs and individuals. We believe continuous collaboration amongst public and private sectors is essential in public education, promotion, as well as combating the growing problem and impact of information security.
To dovetail with the launching of the web site, we have also designed new posters and information leaflets on information security for public consumption. Useful tips are given in the leaflets to advise the public on how to protect their computers from being attacked. So far, More than 250,000 copies of information leaflets were already distributed for public reference.
We have over 2.6 million Internet accounts. By any standards we are living in a highly interconnected information world. No single person or enterprise could be completely immune from information security attacks. It is indeed everyone・s responsibility to help secure our information world. With nearly half of our households and 37% of business establishments in Hong Kong connected to the Internet, I'm sure you will agree that our efforts in enhancing e-security are worthy of our cause.
I am delighted to see events like this that provide the opportunity for all of us to exchange ideas and share the insight of our industry experts on information security. I am sure your participation in the conference will be a rewarding experience.
Finally, I would like to congratulate the organisers for successfully staging this important event. I wish the Conference every success.
Thank you.
- END -
|