(English only)

*****************************************************

Following is the full text of the opening speech delivered by the Director of Information Technology Services, Mr Lau Kam-hung, at the "Hacking Protection and Recovery Seminar" today (February 21):

Distinguished guests, ladies and gentlemen,

Good morning!

I am delighted to address the Hacking Protection and Recovery Seminar. On behalf of the Government of the Hong Kong Special Administrative Region, I would like to express our sincere thanks to the expert speakers today, especially those from overseas, who will share with us their invaluable experiences and insights in a moment.

Since the announcement of the "Digital 21" IT Strategy in November 1998, we have put in place the essential information infrastructure for Hong Kong to develop into a leading digital city. We have liberalised our telecommunications sector to the point where it is one of the most open and competitive markets in the world. We have enacted the Electronic Transactions Ordinance to provide a legislative framework for e-commerce to flourish, and established a local public key infrastructure required for the conduct of secure electronic transactions. We have launched the Electronic Service Delivery scheme for the public to transact with the Government through the Internet and public kiosks in a seamless manner. Most recently, we have entrusted the Hong Kong Productivity Council to establish the Hong Kong Computer Emergency Response Team Coordination Centre, or CERT in short, to act as a focal point for dealing with information security incidents.

However, Government's efforts alone is not enough. In respect of information security, we need your full participation to tackle it with vigilance. According to the information of the Hong Kong Police Force, the number of computer crimes in 2000 was 368, which has increased by 16 per cent as compared to 1999. Out of them, 275 cases are related to hacking, which account for three-quarters of the total number of cases. Virus attacks have also bothered us very much. I would not be surprised that some members of the audience today have indeed received malicious e-mails containing viruses in the past.

Information security is indeed a very important issue and tackling it with a reactive approach is not sufficient. Security measures should not be taken as just some "add-ons" to your computer systems or just the traditional user ID and password. It is an integral part of every computer system that requires careful consideration and planning. Information security is not just the installation of firewalls and anti-virus programs. It is actually integrated into our business routines as it also addresses training, thorough understanding of our staff on the security measures, formulation of policies and procedures on the effective deployment of technology, continuous system monitoring, prompt response to incidents, and efficient recovery to minimise service disruption to a company and its clients.

With the establishment of a local CERT, I hope our work on promoting information security and dealing with information security incidents will be better coordinated. The CERT aims at increasing the awareness of our local industry and the community on information security and providing useful advice to them on how to deal with security incidents. Such advice will include information security guidelines, virus alerts and other security alerts. As hacking and virus attacks are worldwide issues, I am glad to learn that the Hong Kong CERT will soon join the Forum of Incident Response and Security Teams, or FIRST in short, which is an international organisation to bring together the efforts of nearly 100 organisations with similar objectives in different parts of the world. Today, we are very pleased to have our partners in Australia and Singapore to be here to share with us their hands-on experiences. Coupled with the joint efforts of the Government and the community in tackling this important issue, I believe the CERT will become a cornerstone for the further development of e-commerce in Hong Kong.

Thank you.

End/Wednesday, February 21, 2001

NNNN