Following is the full text of the speech delivered by the Director of Information Technology Services, Mr Lau Kam-hung, at a seminar on security and hacking jointly organised by the Information Technology Services Department and the Hong Kong Computer Society today (April 1):
Mr Lai, Distinguished Guests, Ladies and Gentlemen,
Good morning! Welcome to this seminar jointly organised by the Hong Kong Computer Society and the Information Technology Services Department of the HKSAR Government. I am delighted to have this opportunity to talk to you about information security and the work of the Government on this very important subject.
The advancement of information technology (IT) has brought about new ways of living and new ways of doing business. IT has been widely accepted as an important tool to enhance our competitiveness in the Information Age of the 21st century.
The emergence of the Internet is the most significant feature of the Information Age. The Internet has created an ever expanding and globally connected virtual community. The rapid development and wide adoption of the Internet has also brought us new business opportunities.
While we have witnessed a remarkable growth in electronic commerce, we have also noticed a significant increase in computer crime. A major area of computer crime is hacking, or unauthorised access to computer and network systems. There were 238 hacking cases reported to the Police in 1999, as compared to 13 such cases in 1998. It is believed that many hacking attacks went unreported because companies wanted to avoid negative publicity.
Hacking is getting more sophisticated. Hackers have become a great threat to commercial security and many of them are also connected with organised crime. The series of attacks by hackers in February this year led to shutdowns of a number of famous web sites. This reminded us that hacking could be in such a large scale that protection against hacking, or indeed computer crime, is not just a task for individual web sites but a cooperative task for the whole cyber community.
The Government is well aware of the need to keep its own information systems secure. We maintain a team of specialists to deal with issues on IT security. All government bureaux and departments have adopted appropriate measures to protect their computer and network systems against intrusion.
To further strengthen our security, my department has just set up the Central Internet Gateway (CIG) system to enable government bureaux and departments to gain access to the Internet, to disseminate information and to communicate with the public over the Internet through a secure and centrally managed gateway. The CIG has adopted internationally accepted Internet security standards, and will protect the government bureaux and departments by means of firewalls, virus detection systems, and proactive intrusion detection systems. To keep in pace with the ever changing cyber world, we will also conduct regular reviews on our security systems in line with the latest development of the Internet technology.
We are also fully aware of the importance of building a safe and secure environment for our community to conduct electronic transactions on the Internet. Our implementation of the Public Key Infrastructure is one of the measures to build up confidence of the community in electronic transactions. With the Public Key Infrastructure, a framework is built for authenticating the identity of the participants in performing electronic transactions. Within this framework, the Certification Authority of the Hongkong Post offers flexible certification services to meet different requirements of the community.
The private sector is free to set up Certification Authorities (CAs) to meet the demand in Hong Kong. The private CAs can apply for recognition from the Government on a voluntary basis. To protect consumers' interest and enhance users' confidence, we will only grant recognition to those CAs which have achieved a trust standard acceptable to us and have adopted a common and open interface in their operation.
On the technology research side, the Government has provided funding support to the University of Hong Kong for conducting researches in public key cryptographic technology. The project on Strong Cryptographic Infrastructure for electronic commerce is an example. This project has provided the public with simple means to learn and use public key cryptographic technology.
Although the Government has laid the foundation for building up a safe and secure environment for the community to conduct electronic transactions, it is difficult to completely prevent the criminals from taking advantage of the advanced technology and put it into illegal use. In view of the unique nature of computer crime, an inter-departmental working group of the Government, chaired by the Security Bureau, will review the adequacy of existing legislation as well as administrative measures dealing with computer crime. It will also examine international developments and trends, and draw lessons for Hong Kong. The working group aims to complete its deliberations and draw up its recommendations in about six months' time.
We believe prevention is better than prosecution. The Government is therefore committed to promoting awareness on information security to the general public, in particular small and medium-sized enterprises, on matters relating to computer and Internet security. Events like today's seminar provide a valuable opportunity for executives, experts, government officials, and audience like you to share experience, exchange ideas, and keep abreast of the latest issues on information security. The Government will, in collaboration with other organisations, continue to organise events of this kind to promote awareness on information security. From the 12th to 14th of this month, my Department and the Hong Kong Productivity Council will jointly organise an "Information Security Showcase" at the Hong Kong Convention and Exhibition Centre. You are welcome to visit the exhibitions and attend the seminar sessions.
Finally, I hope you will find today's seminar enlightening.
End/Saturday, April 1, 2000