SearchLanguageMobile menu

Opening Keynote Speech by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security & Digital Identity) , at the “(ISC)² Secure Summit APAC 2019”

Dear Jennifer (Jennifer Minella, Chairperson of Board of Directors, (ISC)² USA), David (David Shearer, Chief Executive Officer, (ISC)² USA), Wesley (Wesley Simpson, Chief Operating Officer, (ISC)² USA), Dr. Lee (Dr. Lee Jae-Woo, Chairperson, Asia Pacific Advisory Council, (ISC)²), Clayton (Clayton Jones, Managing Director, (ISC)² APAC), distinguished guests, ladies and gentlemen,

Good morning! I am delighted to join you all today at the (ISC)² Secure Summit APAC 2019. Thanks to the continuous efforts of (ISC)² in fostering a safe cyber society, this event brings a valuable opportunity for professionals and experts to share their insights and learning experience in managing cyber security. Here, I would like to extend my warmest welcome to all participants, in particular those who are from overseas.

Riding on the wave of exponential technological advancement in recent years, many organisations are now offering services to their customers in a digital way using innovative technologies. This digital transformation not only reshapes our life style and user experience, but also raises our expectations of service delivery. As part of a recent Asia-Pacific survey, the respondents from Hong Kong ranked security, privacy and compliance as the top three most important elements in the delivery of digital services. In particular, the respondents have the highest expectations of trust from the Government, followed by financial service institutions and healthcare organisations. In fact, the Government attaches great importance to information security. Taking this opportunity, I would like to share with you some of the initiatives taken forward by the Government and different sectors in the community in protecting digital services against cyber attacks in Hong Kong.

Within the Government, we have put in place a comprehensive set of information security management framework, with policies, guidelines and measures to strengthen our overall capabilities in cyber security. To ensure government security is on par with the international level, we make reference to international information security standards, such as ISO 27001, and industry best practice, in updating the said management framework. In addition, each and every government department has to conduct information security assessments and compliance audits regularly on their computer systems and practices. No matter how well a computer system is protected, attacks are somehow inevitable. To ensure our readiness in incident response, we have established government-wide procedures in responding security incidents that may arise. To get our colleagues well practised with the response procedures, an inter-departmental drill has been conducting annually to train up government staff in face of different kinds of cyber attacks.

It is beyond doubt that a reliable critical infrastructure is vital for the provision of digital services. Hence, the Government has all along been working with relevant parties to ensure the cyber safety of critical infrastructure. In this area, the Hong Kong Police Force plays a pivotal role to assist in the prevention and detection of cyber attacks by conducting timely cyber threat analyses and audits. At the same time, the Hong Kong Computer Emergency Response Team (“HKCERT”), funded by the Government, liaises with critical infrastructure sectors and delivers awareness briefings to these organisations so as to safeguard the security environment of Hong Kong.

Cyber security is not just an issue of any single or specific stakeholder. All stakeholders, including the Government, the industry and the public, must work together to address this challenge. In Hong Kong, financial and healthcare service providers have come up with their own strategies in boosting resilience capabilities. For example, in the financial sector, the Hong Kong Monetary Authority launched the Cybersecurity Fortification Initiative (“CFI”) in 2016 to raise the cyber security level of local banks. The banking industry is conducting relevant assessments in phases to strengthen the resilience of the banking system. In the healthcare sector, the Food and Health Bureau together with the Hospital Authority are administering the Electronic Health Record Sharing System (“eHRSS”) to facilitate public-private medical collaboration. This system was awarded the ISO 27001 Certification last year for its information security management system that demonstrates the efforts in making continuous improvements to the services. Moreover, HKCERT adopts a proactive approach to promote cyber security awareness in different sectors of Hong Kong.

In the community, the Government is committed to raising information security awareness among all sectors. To encourage small and medium enterprises (“SMEs”) and other companies in improving their productivity and upgrading their business processes, including the enhancement of security protection, the Government administer a Technology Voucher Programme (“TVP”) under the Innovation and Technology Fund. The programme provides financial support, in the form of matching funds, to incentivise local non-listed companies to adopt technology services and solutions to, among others, strengthen their cyber security. This year, the Government doubled the matching funds to HK$400,000.

To further help SMEs, the Hong Kong Internet Registration Corporation (“HKIRC”) has recently started to provide free technical support services to all SMEs using “.hk” domain names, including website vulnerability scanning, identification of system deficiencies and advisory for security improvements.

In view of the ever-evolving landscape of cyber security, it is vital for different sectors to join hands in defending against cyber attacks. In this regard, OGCIO launched a Pilot Partnership Programme for Cyber Security Information Sharing in September last year, aiming to promote closer collaboration among stakeholders of different sectors. A technology platform, “”, is available to enable members of the programme from various sectors to exchange cyber threat information, discuss mitigation solutions, and share experience and best practices effectively. As of today, more than 130 member organisations from a wide spectrum of sectors are sharing ideas and exchanging views on the platform. The sectors include finance and insurance, healthcare, innovation and technology, manufacturing, non-profit organisations, professional bodies, public utilities, professional consulting services, research and academia, telecommunications, tertiary institutions, transportation, etc. If your company has not yet joined the programme, you are encouraged to represent your company to do so, to contribute to the building of trust in the delivery of digital services.

In light of the mounting cyber threats, it is crucial for us to enhance our capabilities not only to guard against cyber threats, but also to build up the trust of various organisations in the community. Let’s work in partnership to achieve this goal. Lastly, I wish you all a very fruitful and insightful summit today. Thank you very much.

- ENDS -