OGCIO
10-05-2018

Keynote Speech by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security & Digital Identity), at the “3rd Total Security Conference Hong Kong”


Mr. Read (Mr. Shane Read, Chief Information Security Officer of Noble Group), distinguished guests, ladies and gentlemen,

Good morning!  I am delighted to join you here today at the “3rd Total Security Conference Hong Kong”.  The conference provides an excellent opportunity for industry leaders, experts and professionals to connect and share their insights in the future landscape of cyber security, as well as the ways to adapt to the evolving security environment.  I would like to offer my warmest welcome to all participants, in particular those who are from overseas.

The theme for this conference is “Securing the Critical Enterprise Assets in IoT, Mobile and Cloud Environment”.  Nowadays, the growing popularity of mobile devices has brought great convenience to businesses and the general public.  Complementing cloud services and Internet of Things (IoT), they are benefiting our lives in all aspects.  Sharing the same vision, the Government released the Smart City Blueprint for Hong Kong in December last year (2017) with an aim to address urban challenges, uplift quality of living and improve our society.  To take an example from the Blueprint, we are going to implement a multi-functional smart lampposts pilot scheme.  By making the best use of innovation and technology, we aim to facilitate collection of real-time data to enhance city management and other public services.  New opportunities aside, smart city development will also bring forth new challenges to cyber security.  As the Government attaches great importance to cyber security, it constitutes an important pillar of smart city development.

Getting more diversified and sophisticated, cyber threats are no longer localised in today’s interconnected world.   The challenges of cyber security are getting tougher and more complicated.  According to the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), which is the centre for coordination of computer security incident response for local enterprises and Internet users, the proliferation of organised and technical cyber attacks will continue.  Moreover, attacks on cloud and IoT services will be on the rise while different computer and mobile platforms will be used as launch pads for massive attacks.  As an international city, it is inevitable for Hong Kong to face cyber attacks from various origins.  Therefore, all of us should stay vigilant against all possible cyber threats.

Here, I would like to share with you some principles in information security management.  Firstly, information security is no longer an operational issue within an organisation.  A structured and well-orchestrated governance should be established with well-defined roles and responsibilities, in order to achieve better control over IT security matters.  Within the Government, we have established a comprehensive information security management framework to coordinate and promote IT security.  In every government department, a senior officer will lead the overall information security management to ensure proper controls are in place.

Secondly, effective security policies and guidelines are the foundation of information security in an organisation.  In particular, they should be clear and concise for observance by all staff members.  Within the Government, we have put in place a comprehensive set of security policies and guidelines with reference to the international standards, including ISO27001 and COBIT 5, for use by government departments.  The public and private sectors are also encouraged to adopt international standards in information security so as to keep pace with industry best practices.

Thirdly, essential technological measures with proper operational support are indispensable to protect corporate digital environment.  To safeguard digital assets on corporate networks and computer systems, it is crucial for organisations to understand their own defence capabilities and adopt appropriate security controls, such as firewalls, intrusion prevention systems, anti-malware solutions, etc.  To prevent security incidents, the Office of the Government Chief Information Officer (OGCIO) proactively scans and detects potential threats for the Government, and closely monitors the daily operation of our information systems.  This enables us to have a clearer awareness of the security threats surrounding us, which in turn reduces security risks.

As the cyber security landscape keeps on evolving, it is vital to transform IT security management from the traditional passive mode to a more proactive approach.  This includes, for example, a well-planned cyber security incident response mechanism that enables an organisation to get back to normal operation efficiently.  Within the Government, we have promulgated a comprehensive practice guide detailing the incident handling and response procedures for observance by all government departments.  This practice guide is also available on OGCIO’s website for reference by the public.  In addition, it is of great importance for organisations to conduct regular risk assessments and audits, especially by an independent party.  It is also crucial that security drills be performed regularly to ensure the effectiveness of protection and readiness of the contingency arrangements against different cyber threat scenarios.

With the proliferation of mobile, cloud and IoT technologies, the fields of information security have evolved significantly.  As a result, an extended perimeter in relation to cyber security should be defined.  As a facilitation effort, the OGCIO puts up a Cyber Security Information Portal (www.cybersecurity.hk) to provide practical advice, guidelines, tips and techniques for general users and organisations.  You are welcome to visit the website for reference.  Moreover, with the enhanced adoption of cloud services, the OGCIO has also established a one-stop portal “InfoCloud” (www.infocloud.gov.hk) for businesses, in particular small and medium enterprises, to handily access information on cloud computing technologies.  You will find useful resources on this portal, including practical cases and guidelines for achieving the desired level of security protection when adopting cloud services.

Apart from security management and measures, user awareness is of utmost importance in managing cyber risk effectively.   We know that some highly-sophisticated cyber attacks would ride on human negligence; it is therefore fundamental to promote security awareness across the organisation on a regular basis, and provide training to ensure that all staff members understand security risks, observe security policies, and conform to security best practices.

Concerted efforts from the Government, the industry and the public are essential in protecting our information systems and data assets.   As the cyber threat landscape is changing constantly, we need to keep abreast of the latest threat information so that timely mitigations can be taken.  Within the Government, we have established the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) to closely liaise with the HKCERT and other regional CERTs to enable timely sharing of information on security threats, vulnerabilities and security incidents.  Moreover, to facilitate the more effective sharing of cyber risk information with the community, we will, later this year, launch a cyber security information sharing platform on a pilot basis with the local industry, enterprises, critical information infrastructures, etc.  This initiative aims to promote trusted partnership of local stakeholders across sectors for sharing information and making analysis on cyber security risks.  It will also provide actionable insights for our stakeholders and the general public, thus enabling them to take proactive measures to tackle imminent security risks.

In conclusion, significant cyber risks usually emerge in small scale and then proliferate.  If the threats could be identified and eliminated at an early stage, the cost for protection would be kept to a minimum.  Hence, all of us must take a proactive part in cyber security, as it is no longer the responsibility of a single entity.  The Government, various business sectors, professional bodies and the general public must join hands in guarding against cyber threats, in order to make Hong Kong a digitally safe economy.

Lastly, I would like to wish you all a fruitful and insightful conference.  Thank you.

- ENDS -