Opening Address by Mr. Howard Dickson, Government Chief Information Officer, at the Second Integrated Security Conference & Expo
21 - 4 - 2005
Distinguished guests, ladies and gentlemen,
Good Morning! I am delighted to be invited to give the opening speech for the Second Integrated Security Conference and Expo.
Development of Information Security
Today, information security is an integral part of the information infrastructure for enhancing Hong Kong's e-business environment. When computers were adopted for commercial purposes many years ago, people were mainly concerned about system performance and data backup. Service recovery was needed mostly to cater for equipment failure, sabotage, time bombs in program code and natural disasters such as fire, floods and earthquakes. Computer viruses and malicious hacking were seldom heard about until the end of the 1990s. However, if such attacks ever occurred, the impact then was comparatively milder and easier to tackle than those happening today. Computer users were generally affected by garbage or nuisance messages appearing on their screens, data file corruption and computer breakdown, which could be recovered quite quickly and easily. Those were the days!
Computer Virus and Hacking
Nowadays, electronic service users have to face additional and more sophisticated cyber threats besides software bugs, physical damage, computer viruses spreading or hacker intrusion. Computer viruses often take advantage of vulnerabilities discovered in software. It has been noticed that the time between the disclosure and widespread exploitation of these vulnerabilities continues to shrink, allowing very limited time for applying fixes to protect the affected computer systems. This is a really serious concern as computer viruses are becoming more ferocious and destructive - many of them can penetrate network firewalls in many ways, multiply themselves and propagate at great speed, search the address books of the victim computers, put on a false identity to dispatch harmful emails to the victim's friends, and paralyze the computer network. You may recall that there had been a few incidents of computer virus attack which actually affected millions of computers worldwide within a short time and even caused adverse impact on flight schedules.
Email Spamming
In the Internet age today, people are increasingly utilizing computer networks for communicating and trading. The popular use of electronic mails (emails) has kept the world busy round the clock throughout the year, and email has become an indispensable tool in every facet of daily activities. For example, using automated tools, advertisements and propaganda material can be distributed more efficiently and in large quantity by electronic mailing. Unfortunately, the dark side of this development is that some people misuse emails to achieve malicious intents by sending unsolicited bulk messages, generally known as spam, such as the notoriously known Nigerian email, pornographic material, drugs and undesirable advertisements, etc. According to a recent survey conducted by the Hong Kong Internet Service Providers Association, spam had risen to account for around 60% of all emails, with individual members experiencing as much as 90% of their emails being spam. Many spam emails are also used for spreading viruses, opening up backdoor access to hackers, implanting spyware, and facilitating cyber-crimes such as phishing or fake websites, etc. For example, it has been reported that a fake e-mail disguised as being from the U.S. Federal Bureau of Investigation (FBI) is circulating on the Internet carrying a computer virus as its payload.
Anti-spamming Campaign
Recently, a New York teenager has become the first American to be arrested for sending 1.5 million messages by creating thousands of fraudulent IM accounts to bombard MySpace.com users, punting mortgage refinancing and adult pornography during October and November 2004. To prevent Hong Kong from becoming a safe haven sheltering illicit spammers, the Government is determined to combat the spam problem. In February 2005, the Government launched a campaign entitled "STEPS" to fight the spam epidemic. "STEPS" covers five key areas, i.e. strengthening existing regulatory measures, technical solutions, education, partnerships and last but not least, statutory measures. In fact, various anti-spam measures are being undertaken worldwide, and some countries have established relevant legislation such as the CAN-SPAM Act in the US. We will, as soon as possible, introduce legislation against spam and implement a package of non-legislative measures to support the "STEPS" campaign. This would also facilitate cooperation with overseas jurisdictions with similar legislation in investigation and enforcement work against spammers. Like computer viruses, spam may never disappear completely but we aim to contain the problem as far as possible. It is important in the anti-spam battle that everyone plays a part by denying the offers of the spammers or, better still, not responding to them at all.
Enhancing Information Security
As you know, tackling spam is just one important initiative in our effort of enhancing information security of the electronic business environment of Hong Kong. To facilitate the development of a reliable and secure e-community, we need the efforts from all quarters of our community in a united front, and must uphold high standards of security and data protection. For example, computer users have to apply patches promptly in order to block the outbreak of new computer viruses. To set a good example, the Government has set up internally an information security management structure to advise on and oversee information security policy and strategic matters, as well as having well-established departmental procedures to implement various security measures and protective technologies to protect Government's information systems.
As part of the infrastructure for supporting and educating the community in information security, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) was set up to respond to information security incidents and provide the public with security alert information and access to relevant information on security matters. On the promotion of awareness and public education of information security matters, the InfoSec website was launched to disseminate information on the latest issues and hot topics on information security, such as computer viruses, email spamming, wireless security, computer crime case studies and related legislation, etc. We also launch radio episodes and TV features as well as collaborate with the industry to organize seminars, conferences, and/or exhibitions for user education. On the protection of the critical IT infrastructure in Hong Kong, the Hong Kong Internet Infrastructure Liaison Group (IILG) serves as a liaison channel among major stakeholders of the Internet Infrastructure of Hong Kong for sharing information infrastructure, intelligence, experience and best practices with a view to ensuring the stability, security, availability and resilience of the Internet infrastructure.
Conclusion
I would appeal to everyone to put our efforts together to safeguard information security, adopt good practices and stay vigilant. With the collaboration of the industries and the public, we will continue to position Hong Kong as a leading digital city in the world.
Finally, I wish this conference every success.
- END -