Following is the full text of the speech delivered by the Director of Information Technology Services, Mr Lau Kam-hung, in a seminar on information security jointly organised by the Information Technology Services Department and the Hong Kong Productivity Council today (Wednesday):
Mr. Tang, Honoured Guest Speakers, Ladies and Gentlemen,
Thank you Mr. Tang for the warmest welcome. And thank you all for giving up your valuable time to attend this "Information Security Seminar". I am honoured to be here addressing this large audience today. This shows that we all share the same concern on this important topic.
To say that "we are entering the information age" is way behind time because we are actually living in that era. Before the Internet emerged, most of us were using computers to perform traditional data processing. The rapid development and wide adoption of Internet technology has brought us many significant benefits which in the past would have been beyond imagination. The Internet has created an ever expanding and globally connected community, which brings us new ways of doing business, learning and interacting socially.
However, with these benefits came the complex and difficult task of protecting our information property and critical operations in this worldwide network.
Many organisations and individuals jumped onto the Internet "bandwagon", with most of them failing to note the security problem. For those who hesitated about joining, it was fear over the Internet's vulnerability.
You may ask "is the Internet vulnerable?" Technically speaking, many early network protocols that now form part of the Internet were designed originally for openness and flexibility, not for security. It was because the Internet was originally conceived and designed as a research and education network. However, the major factors contributing to this vulnerability are its exponentially increased accessibility and use of the network in complex applications.
In security terms, the more isolated the system, the more secure it is. But we cannot isolate ourselves from the Internet just for the sake of security because the Internet has proved that it is indispensable.
You may wonder how we can protect our information property in the Internet. To answer this question, we have to understand the situation and risks. This is why the Hong Kong Productivity Council and my department jointly organized today's seminar to promote better understanding of information security.
Besides a better understanding of the situation and the risks, a secure infrastructure is necessary to protect our information property. Building a fundamentally secure infrastructure for both the Government and the public is one of the major initiatives in the Government's IT strategy in making Hong Kong a leading digital city in the next century.
Within the HKSAR Government, we have a set of security guidelines for all government departments and bureaux to follow in protecting their IT resources. We will update these guidelines through continuous security assessment, review and enhancement. To further strengthen our security, the Secure Central Internet Gateway (SCIG) is to go onstream early next year to enable the Government to gain access to the Internet and to communicate with the public in a secure and centrally managed manner. This gateway will adopt internationally accepted Internet security standards, and will protect the Government by means of firewalls, virus detection systems and proactive intrusion detection systems.
To provide a secure environment for electronic transactions, the Government is developing a Public Key Infrastructure (PKI). Based on this Infrastructure, a foundation will be built for the delivery of electronic services in a secure environment.
The Government will take the lead to introduce the Electronic Service Delivery (ESD) Scheme in the latter half of next year, covering a wide range of services provided by government departments and the public agencies. The Electronic Tendering System (ETS), which is to be launched early next year, is another application using PKI to provide secure electronic means for handling tender and related matters. My department is also working on a project for electronic transmission of confidential documents within the Government.
By following the open standard of PKI, Hongkong Post will set up the public Certification Authority by year-end to offer flexible certification services to meet various requirements of the community.
The private sector is free to set up its certification authorities to meet the demands of electronic commerce. To protect consumer interests and to enhance user confidence in electronic transactions, my department is going to set up a Certification Authority Recognition Office (CARO) by year-end. Certification authorities are free to apply for recognition on a voluntary basis, but only those which have achieved a standard of trustworthiness and have adopted a common and open interface in their operations will be recognized.
To provide a clear legal framework to foster electronic commerce in Hong Kong, a new bill entitled the Electronic Transactions Bill is now going through our legislature. This will enable the development of a definitive and supportive legal environment that creates certainty and incites business confidence for electronic commerce in Hong Kong.
Today's seminar is one of the Government's initiatives to promote information security. A better understanding of information security not only enhances protection against security violation but also ensures that electronic commerce can be accelerated.
I hope you will find today's seminar enlightening.
End/Wednesday, November 10, 1999