Search Menu
Language Menu
Mobile Menu
Search
OGCIO
Home
What's New
Recent UpdatesPress ReleasesSpeeches & PresentationsLegislative Council PapersGalleryPublicationsConsultationsGeneral NoticesCirculars/Notices to IT Contractors & Suppliers
Speeches & Presentations
< Back
10-07-2019

Opening Keynote Speech by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security & Digital Identity) , at the “(ISC)² Secure Summit APAC 2019”


Dear Jennifer (Jennifer Minella, Chairperson of Board of Directors, (ISC)² USA), David (David Shearer, Chief Executive Officer, (ISC)² USA), Wesley (Wesley Simpson, Chief Operating Officer, (ISC)² USA), Dr. Lee (Dr. Lee Jae-Woo, Chairperson, Asia Pacific Advisory Council, (ISC)²), Clayton (Clayton Jones, Managing Director, (ISC)² APAC), distinguished guests, ladies and gentlemen,

Good morning! I am delighted to join you all today at the (ISC)² Secure Summit APAC 2019. Thanks to the continuous efforts of (ISC)² in fostering a safe cyber society, this event brings a valuable opportunity for professionals and experts to share their insights and learning experience in managing cyber security. Here, I would like to extend my warmest welcome to all participants, in particular those who are from overseas.

Riding on the wave of exponential technological advancement in recent years, many organisations are now offering services to their customers in a digital way using innovative technologies. This digital transformation not only reshapes our life style and user experience, but also raises our expectations of service delivery. As part of a recent Asia-Pacific survey, the respondents from Hong Kong ranked security, privacy and compliance as the top three most important elements in the delivery of digital services. In particular, the respondents have the highest expectations of trust from the Government, followed by financial service institutions and healthcare organisations. In fact, the Government attaches great importance to information security. Taking this opportunity, I would like to share with you some of the initiatives taken forward by the Government and different sectors in the community in protecting digital services against cyber attacks in Hong Kong.

Within the Government, we have put in place a comprehensive set of information security management framework, with policies, guidelines and measures to strengthen our overall capabilities in cyber security. To ensure government security is on par with the international level, we make reference to international information security standards, such as ISO 27001, and industry best practice, in updating the said management framework. In addition, each and every government department has to conduct information security assessments and compliance audits regularly on their computer systems and practices. No matter how well a computer system is protected, attacks are somehow inevitable. To ensure our readiness in incident response, we have established government-wide procedures in responding security incidents that may arise. To get our colleagues well practised with the response procedures, an inter-departmental drill has been conducting annually to train up government staff in face of different kinds of cyber attacks.

It is beyond doubt that a reliable critical infrastructure is vital for the provision of digital services. Hence, the Government has all along been working with relevant parties to ensure the cyber safety of critical infrastructure. In this area, the Hong Kong Police Force plays a pivotal role to assist in the prevention and detection of cyber attacks by conducting timely cyber threat analyses and audits. At the same time, the Hong Kong Computer Emergency Response Team (“HKCERT”), funded by the Government, liaises with critical infrastructure sectors and delivers awareness briefings to these organisations so as to safeguard the security environment of Hong Kong.

Cyber security is not just an issue of any single or specific stakeholder. All stakeholders, including the Government, the industry and the public, must work together to address this challenge. In Hong Kong, financial and healthcare service providers have come up with their own strategies in boosting resilience capabilities. For example, in the financial sector, the Hong Kong Monetary Authority launched the Cybersecurity Fortification Initiative (“CFI”) in 2016 to raise the cyber security level of local banks. The banking industry is conducting relevant assessments in phases to strengthen the resilience of the banking system. In the healthcare sector, the Food and Health Bureau together with the Hospital Authority are administering the Electronic Health Record Sharing System (“eHRSS”) to facilitate public-private medical collaboration. This system was awarded the ISO 27001 Certification last year for its information security management system that demonstrates the efforts in making continuous improvements to the services. Moreover, HKCERT adopts a proactive approach to promote cyber security awareness in different sectors of Hong Kong.

In the community, the Government is committed to raising information security awareness among all sectors. To encourage small and medium enterprises (“SMEs”) and other companies in improving their productivity and upgrading their business processes, including the enhancement of security protection, the Government administer a Technology Voucher Programme (“TVP”) under the Innovation and Technology Fund. The programme provides financial support, in the form of matching funds, to incentivise local non-listed companies to adopt technology services and solutions to, among others, strengthen their cyber security. This year, the Government doubled the matching funds to HK$400,000.

To further help SMEs, the Hong Kong Internet Registration Corporation (“HKIRC”) has recently started to provide free technical support services to all SMEs using “.hk” domain names, including website vulnerability scanning, identification of system deficiencies and advisory for security improvements.

In view of the ever-evolving landscape of cyber security, it is vital for different sectors to join hands in defending against cyber attacks. In this regard, OGCIO launched a Pilot Partnership Programme for Cyber Security Information Sharing in September last year, aiming to promote closer collaboration among stakeholders of different sectors. A technology platform, “Cybersechub.hk”, is available to enable members of the programme from various sectors to exchange cyber threat information, discuss mitigation solutions, and share experience and best practices effectively. As of today, more than 130 member organisations from a wide spectrum of sectors are sharing ideas and exchanging views on the platform. The sectors include finance and insurance, healthcare, innovation and technology, manufacturing, non-profit organisations, professional bodies, public utilities, professional consulting services, research and academia, telecommunications, tertiary institutions, transportation, etc. If your company has not yet joined the programme, you are encouraged to represent your company to do so, to contribute to the building of trust in the delivery of digital services.

In light of the mounting cyber threats, it is crucial for us to enhance our capabilities not only to guard against cyber threats, but also to build up the trust of various organisations in the community. Let’s work in partnership to achieve this goal. Lastly, I wish you all a very fruitful and insightful summit today. Thank you very much.

- ENDS -

The Best is Yet to Come - Innovation and Technology
The 2024-25 Budget
The Chief Executive’s 2023 Policy Address
Facilitating of the Cross-boundary Data Flow within the Greater Bay Area
Exhibition of the 3rd Anniversary of Hong Kong National Security Law
You can stop corruption. Report Now!
ICT Outreach Programme for the Elderly
MSW Charging
Let Social Enterprises Bloom!
Legislative Control of Cannabidiol (CBD)
National Security Education Day
“Maker in China” SME Innovation and Entrepreneurship Global Contest - Hong Kong Chapter)
Electronic Health Record Sharing System (eHealth)
Improve Electoral System Ensure Patriots Administering Hong Kong
Support Clean Elections
iAM Smart Safe and Swift
CSDI website
Safeguarding National Security
Multi-functional Smart Lampposts
Fact Sheet : Office of the Government Chief Information Officer
ICT Event Calendar
Smart Government Innovation Lab
talent.gov.hk
New Patent System
Prohibition on Face Covering Regulation
Elderly IT Learning Portal
Hong Kong Legal Hub
Guangdong-Hong Kong-Macao Greater Bay Area
Cybersec Infohub
Corruption Prevention Advisory Service
Approved Fund-raising Activities
Cyber Security Information Portal
Hong Kong's Legal Services
IT Career Role Models Platform
Hong Kong Smart City Blueprint Portal
Web Accessibility Campaign - Making Web Content Available for All
Mutual Recognition of Electronic Signature Certificates issued by Hong Kong and Guangdong
The InfoCloud portal
Marketing Consultancy Office (Rehabilitation)
Developing Datacentre in Hong Kong
Wi-Fi․HK
GovHK Website
Government Computer Emergency Response Team Hong Kong (GovCERT․HK)
DATA․GOV․HK
CCLI Webste
CEPA
Hong Kong/Guangdong Expert Group on Co-operation in Informatisation
Hong Kong ICT Awards
INFO SEC
Student IT Corner
PreviousNext