SearchLanguageMobile menu

OGCIO

09-05-2019

Opening Keynote Speech by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security & Digital Identity) , at the “4th Total Security Conference Hong Kong”

Distinguished guests, ladies and gentlemen,

Good morning.  It is my great pleasure to join you all at the 4th Total Security Conference Hong Kong.  This Conference provides an excellent platform to bring together industry leaders, experts and professionals to share insights and experience in cyber security.  First of all, I would like to extend my warmest welcome to all participants, whether from Hong Kong, the Mainland or overseas.

The theme for this year’s conference is “Integrated and Efficient Security and Risk Governance for Digital Enterprises”.  Today, it is imperative for enterprises to deploy up-to-date technologies and solutions to increase competitiveness and enhance operational efficiency.   By taking the benefits of digital transformation, enterprises can increase their potential performance and business agility to better serve their customers.  The Hong Kong Government encourages local enterprises to embrace new technologies in transforming their businesses.  We launched a Technology Voucher Programme (TVP) under the Innovation and Technology Fund since 2016 to support local companies, including small and medium enterprises, in procuring services and solutions to upgrade or transform their business processes.  Following the Budget Speech 2019-20, the Programme has become a regular scheme with further enhancement measures, including doubling the ceiling of the financial support and expanding the eligibility criteria.  Now all local enterprises except those listed companies can apply for a maximum of HK$400,000 for deploying new technology solutions or services.  As of March 2019, the TVP Committee has approved over 1,000 applications for funding at a total amount of $149 million.  Among these, there were about 130 applications involved cyber security or systems upgrade, with a total funding of about HK$16 million.  To cope with the constantly changing cyber threat environment, I encourage organisations to seek financial assistance under this programme to acquire services and solutions to strengthen their cyber security.

Apart from that, to facilitate SMEs’ coping with the evolving cyber threats, the Hong Kong Internet Registration Corporation (“HKIRC”) is going to provide free technical support services to all SMEs using ".hk" domain names.  The services would cover website vulnerability scanning, identification of system deficiencies, and advisory for security improvements.  Please stay tuned for further details to be announced by HKIRC later this year.

During the course of digital transformation, it is important to coordinate among all stakeholders to defend against cyber threats.  The Government has all along been playing an active role in synergizing the local efforts to improve our defence capability.  Within the Government, we established the Government Computer Emergency Response Team Hong Kong (“GovCERT.HK”) to coordinate information and cyber security incidents.  In the community, we set up the Hong Kong Computer Emergency Response Team Coordination Centre (“HKCERT”), providing support to local enterprises and Internet users in relation to computer security and incident handling.  In addition, the Cyber Security and Technology Crime Bureau under the Hong Kong Police is responsible for combating technology crime as well as for preventing and detecting cyber attacks on critical infrastructure.  We three parties work closely together to exchange cyber threats information and organise relevant promotional campaigns, conferences and seminars so as to educate the public to protect against cyber attacks.

As we are living in an interconnected world, cyber security is no longer a local matter.  Coordinated efforts from stakeholders across different regions are required in order to strengthen capabilities against globalised cyber attacks.  The GovCERT.HK plays another important role to collaborate with the CERT community around the world and share threat intelligence and incident handling experience.  To foster the collaboration with international security experts, GovCERT.HK participates in various international conferences and trainings organised by the global CERT community.  

As cyber attacks continue to grow in both number and sophistication, the risks of cyber attacks faced by the public also increase.   We must prepare ourselves for the worst, and it is also equally important to develop standardised approaches and procedures in case of breaches and attacks in order to mitigate the risks effectively.  In the Government, we have published the standing Practice Guide for Information Security Incident Handling and regularly reviewed the guide with reference to international standards such as ISO27000.  In order to raise departments’ awareness and response capability in tackling emerging cyber threats, the Government has since 2017 co-organised the annual inter-departmental cyber security drill to strengthen the response capability of government departments through various simulated cyber attack scenarios.  Internationally, we also participated in the annual APCERT Drill to enhance the interaction and communication with local and international CERT teams.  With the above measures, we continue our effort to strengthen our resilience to cope with the rising trends of threats.

The last point I would like to share with you is about the optimisation of multi-stakeholder effort in improving resilience and continuity.  In cyber security defence strategy, it is critical to bring in experts with different experiences in the community who may not normally work together.  In September last year, OGCIO launched a Pilot Partnership Programme for Cyber Security Information Sharing, aiming to promote closer collaboration among stakeholders of different sectors.  Under this programme, the Government has set up a cross-sector sharing platform, namely “Cybersechub.hk”, which enables members of the programme from different sectors to exchange cyber threat information, discuss mitigation solutions and share experiences and best practices effectively.  The members come from a wide spectrum of sectors, including innovation and technology, telecommunications, finance and insurance, healthcare, professional advisory services and non-government organisations.  If your company has not yet joined as members, you are welcome to represent your company to join with the existing 400 representatives of over 120 member organisations to enhance the cyber resilience of your own and Hong Kong as a society.

In summary, emerging technology is now applying on so many fronts.  Enterprises need to review and adapt their risk governance approach correspondingly.  Nowadays, cybersecurity is no longer the sole responsibility of a particular entity.  While the Government is stepping up its effort to combat cyber threats, enterprises should actively collaborate with each other in exchanging ideas, information and experience to enhance the overall security capability of the community.  I believe all of us will continue to learn from each other’s experience and work together to further strengthen the cyber security resilience of our community. Thank you.

- ENDS -