**********************************************
Following is a question by the Hon Tsang Yok-sing and a reply by the Secretary for Commerce, Industry and Technology, Mr Joseph W P Wong, in the Legislative Council today (May 23):
Question:
It has been reported that serious security loopholes are found in the Wi-Fi wireless Internet access service provided in some local venues. So long as hackers are equipped with suitable software, they may intrude clandestinely to steal the Wi-Fi web surfers' information and the contents of their instant messages. In this connection, will the Government inform this Council:
(a) whether it has discussed with network providers of Wi-Fi service and managers of venues where such service is provided how to prevent the service users' information and the contents of their instant messages from being stolen; if it has, of the details; if not, whether it plans to follow-up the matter;
(b) whether it has plans to step up publicity and education to remind the public of the risks of using Wi-Fi Internet access; if it has, of the details; if not, the reasons for that; and
(b) how the Government safeguards the service users' information against theft when providing Wi-Fi service in its venues?
Reply:
Madam President,
"Safety Net" is an issue that all Internet service providers and users must manage and pay attention to. Information security is a key focus area of the Digital 21 Strategy. All along, the Government has been promoting public awareness of information security through various channels, including the one-stop information security portal (the "InfoSec" at www.infosec.gov.hk), community events, forums, radio broadcasting, TV episodes and leaflets. Through these promotional activities and facilities, we educate citizens and the industry on associated security risks of the Internet, how to implement precautionary measures so as to alleviate the risks in using Internet, and prevent system from being hacked and information being stolen by hackers.
Regarding the question asked by Hon Tsang Yok-sing, my reply is as follows:
(a) The Office of the Telecommunications Authority (OFTA) has followed up the case reported with the corresponding service suppliers and required them to provide effective security measures for ensuring effective delivery of their clients' information, freeing from the threats of hackers. OFTA will consult relevant licensees with a view to setting up industry guidelines and code of practice and will also request them to conduct regular security audit for their systems to ensure that the services provided meet the security requirements set by the industry guidelines and code of practice.
(b) We will strengthen the promotion of information security to the public through existing promotional programmes and channels mentioned above. In later this year, we will also launch a series of publicity and promotional activities, for example, dissemination of leaflets, conduct of road shows, etc., to educate citizens on the necessary security knowledge for the use of public Wi-Fi services. Examples of such knowledge include the risk of Internet access; security measures required for using Wi-Fi services; and proper ways of using the Internet.
(c) We will engage relevant service providers from the market to provide Wi-Fi services at Government premises. We will specify the security requirements in the tender document to ensure that the contractors will provide the necessary hardware, software and technology with appropriate security features in delivering the required services.
We will require service providers to provide various security measures so as to ensure that user data will not be stolen by others. These measures will include encryption, intrusion prevention and detection systems, filtering software, etc.
We will also engage security consultants to perform security risk assessment on the Wi-Fi network designs, and conduct security audit after the networks have been put into full operation to ensure that the services provided meet our security requirements.
Ends/Wednesday, May 23, 2007
Issued at HKT 12:38
NNNN
