Email this article Government Homepage
Speech by Government Chief Information Officer at
Information Security Forum 2005 (English only)

    Following is the speech by the Government Chief Information Officer, Mr Howard Dickson, at the Information Security Forum 2005 today (August 31): (English only)

Distinguished Guests, Ladies and Gentlemen,

     Good morning! I am delighted to deliver the opening speech for the Information Security Forum 2005. This is an important event for IT professionals and industry players to exchange expert views and share knowledge and experience on best practices in information security.

Cyber Risks

     According to research results, the volume of Internet traffic generated by end users worldwide is predicted to nearly double annually over the next few years. The intensive use of ICT and more offering of electronic services has transformed business operation and take over traditional delivery channels. While the online route serves to please customers and enable businesses to stay competitive, computer users are also exposed to greater risk of cyber attacks such as computer services disruption, data corruption, or leakage of confidential information in the computer. Information security is indeed everyone's concern.  

The Internet Era

     Internet surfing, emails and online operation are common sources of cyber risks. For the audience here, you know what phishing and bogus websites are and how they exploit the careless Internet users to disclose their credential information and illegally transfer money from their bank accounts. However, even the vigilant Internet users can become victims of keyboard-logger, spy-ware or ransom-ware if their information systems contain vulnerability loopholes. To protect our computer networks and systems against the attackers, it is necessary to implement security measures to monitor, detect and block various cyber attacks with the use of applicable technologies such as firewalls, anti-virus software, intrusion detection systems and other defensive mechanisms.  Most importantly, users should ensure that program patches are applied properly.

Electronic Messaging

     Email has become an integral part of the Internet for users to communicate with others.  However, amongst the emails received in Hong Kong, around 60% are spam, and the Hong Kong Internet Service Providers Association had found that the cost of spam to Hong Kong Internet service providers was nearly $6 million a month.

     Spamming is an intrusive nuisance that invades people's personal privacy and breaches IT security. Spam emails can be used maliciously to spread viruses, congest network traffic, transmit illicit contents and facilitate cyber crimes. To help combat spam emails, computer users may install effective email filters, discipline the usage of emails as well as take proactive steps to track down potential intruders or criminals as soon as the suspects appear on their websites. Various anti-spam measures are adopted to curb email spamming worldwide including both the establishment of relevant legislations and non-legislative measures.

The STEPS Campaign

     Recognising the damaging effects of spam on our community, the HKSAR Government has launched a campaign entitled "STEPS" in fighting the spam epidemic by means of -
- Strengthening Existing Regulatory Measure
- Technical Solutions
- Education
- Partnerships
- Statutory Measures

     The STEPS campaign is setting the scene for a partnership of Government, the ICT industry, the e-marketing industry and the community in a united front. We are working towards putting in place an anti-spam legislation for Hong Kong. Our direction will be to provide a significant improvement over the current legal and enforcement framework, both locally and internationally, with respect to the prosecution and prevention of criminal level activities. We consider that the proposed regulatory framework should provide an effective recourse mechanism to nuisance level spam where none is available as a user option.

     Various promotion and publicity activities are being progressively initiated to enhance public awareness of the spam problems, and provide them with accurate and useful information to deal with such problems. We will advocate a set of best practices to complement the legislative and regulatory framework as well as to balance marketing versus consumer nuisance interests especially concerning hand-held telephony and computing devices.

Online Operations

     In an interconnected world, information often moves across boundaries within a company or between companies. It is important that data moving across the value chain is protected in a consistent manner. It was shocking news that a data security breach, possibly the largest to date, had recently happened in the US and exposed more than 40 million credit card accounts to fraud. The Hong Kong Monetary Authority and our local banking industry have co-operated and implemented the two-factor authentication scheme for high-risk retail Internet banking transactions to tackle the "phishing" and "scamming" challenges.

     Increasingly, new regulatory compliance like Sarbanes Oxley has pushed accountability to the CEO and CFO and brought IT issues to the forefront. They are forced to set and polish up their security policies, guidelines and good practices. The government has led by example in strengthening IT security for government information systems. Back to 1999/2000, a security management framework has been put in place to ensure and enhance internal IT security. Recently, a special task force on information security has been formed comprising stakeholders in the industry to address specific information security issues and produce a checklist of focus activities for enhancing the information security in Hong Kong.  

Public Education and Awareness

     We have to be up-to-date and on the alert constantly on information security as well as discipline ourselves to follow the best practices and be a good citizen of the cyber world. The Government has set up various information resources including the "InfoSec" website ( to facilitate the access of information security related information and current updates by the public and companies. The development of a secure and reliable e-community requires every citizen's concerted effort.

     It is most encouraging to see a large number of reputable industry players gathering here for the promotion of IT security to the community. I wish the forum a great success.

     Thank you.

Ends/Wednesday, August 31, 2005
Issued at HKT 10:58


Print this page