SearchLanguageMobile menu

OGCIO

23-10-2019

Opening Address by Mr. Victor Lam, JP, Government Chief Information Officer, at the “Information Security Summit 2019” (with photos)

Mohamed (Mohamed D. BUTT, Executive Director of Hong Kong Productivity Council), Dale (Dale JOHNSTONE, Chairman of IS Summit 2019 Organising Committee), distinguished guests, ladies and gentlemen,

Good morning. It is my great pleasure to join the Information Security Summit 2019 today. I would like to thank the Hong Kong Productivity Council (HKPC) for organising this prominent, annual event of the Asia Pacific Region. In the coming two days, we have a number of regional and local leaders gathering here to share the latest developments and their experience and insights in information security.

Information technology is a driving force for innovation and also a pillar for social and economic development. The Government of the Hong Kong Special Administrative Region is fully committed to facilitating the development and adoption of innovation and technology to improve our citizens’ daily living. On this front, we launched the Smart Government Innovation Lab (Smart LAB) this April to promote the development of more innovative solutions, and at the same time encourage government departments to adopt solutions offered by the industry to improve public service delivery and internal operations. While technology advancement brings forth service and business improvements, we also need to be mindful about the associated security risks and devise proper strategy and measures to tackle them.

With the ubiquitous adoption of technology today, the attack vectors exist in different platforms such as mobile devices, cloud and extended to a great variety of IoT devices. The growing popularity of these platforms has significantly increased the chance of cyberattacks. According to the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), there were about 7,200 incident reports in the first three quarters of 2019, representing 72% of the total number of incident reports last year. To effectively combat and contain cyber threats, it is crucial to continuously improve the protection and resilience capability of the whole community. Here, I would like to share with you the major focus and initiatives of the Government in this respect.

First and foremost is on enterprises, which are the core of our economy. To address the ever-evolving cyber threats, it is important for enterprises of all sizes, especially our small and medium enterprises (SMEs) to keep on strengthening their protection. The Technology Voucher Programme provides financial support of up to $400,000 to each local enterprise on a 2 to 1 matching basis. Companies can make use of the financial subsidy to improve their cyber security measures, including acquiring services and solutions to guard against cyberattacks.

With the maturity of cloud computing, our SMEs have already seized the opportunity to expand their business on e-commerce platforms. However, if their digital presence is not equipped with associated security measures, whether due to the lack of awareness, knowledge or resources, companies are vulnerable to cyberattacks. Recognising this, the Hong Kong Internet Registration Corporation Limited launched a free website vulnerability scanning service in the middle of this year. The service aims to promote awareness of SMEs on cyber security, identify security deficiencies in their systems and provide free advisory for improvements. This new initiative will certainly improve the overall cyber security level in the community. I am pleased to note that the new service is welcome by our SMEs, with over 140 companies received this free service and strengthened their security protection in just three months.

Besides enterprises, we also need to raise cyber security awareness in the community and nurture information security talent. We recognise that continuous awareness promotion, training and education are the critical success factors. The Government together with HKCERT adopt multiple channels including websites, social media and seminars to disseminate relevant information and reference materials to the public to enhance their awareness and knowledge to guard against cyberattacks.

To ensure that there are sufficient supply of information security professionals in the community, the Government is committed to facilitating industry development and nurturing talent of the local IT security sector. We collaborate with professional bodies in organising various conferences and training, as well as encouraging enterprises and IT practitioners to obtain security accreditations. Within the Government, we take the lead to equip our own IT professionals with accredited professional qualifications. We also encourage universities and tertiary education institutions to offer more information security courses to nurture young talent at both undergraduate and post-graduate levels. According to my understanding, cyber security courses are in very high demand recently. My heartfelt thanks to computer science departments and professors for their dedicated efforts in arranging more sessions of the same course in order to meet with the demand.

Another important strategy is to foster the culture of information sharing and collaboration in the society. Cyber security is no longer a matter of any single organisation. A secure cyber environment requires contributions and support from different sectors of the society. Hence, we launched the cross-sectoral programme on cyber security information sharing in September 2018. Leveraging on the sharing platform under the programme, public and private organisations exchange information, professional insights, best practices, mitigation measures on various cyber security topics. The general public can also benefit from obtaining useful expert information via the public zone of the platform. I am pleased to have over 140 organisations participating in the programme so far, covering a wide spectrum of sectors including finance and insurance, healthcare, public utilities, telecommunications, innovation and technology, academia, etc. I would like to take this opportunity to encourage your company or organisation to join if you have not yet done so.

To build a safe cyberspace, the Government will certainly keep up vigilance in defending against cyber threats. At the same time, I would count on you all to step up efforts to enhance the cyber security capability of your organisations for the common good of our society.

I wish you all a very fruitful and enjoyable conference. Thank you.

- ENDS -