LCQ8: CyberSecurity Information Sharing Platform and Cyber Intelligence Sharing Platform
***************************************************************

     Following is a question by Dr Hon Cheng Chung-tai and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (January 11):
 
Question:
 
     Earlier on, the Hong Kong Applied Science and Technology Research Institute (ASTRI) has developed, using public money, a CyberSecurity Information Sharing Platform (SecShare) for the purpose of collecting, consolidating and categorising cyber security intelligence. In August last year, ASTRI licensed a private company to use SecShare, so that ASTRI's cyber security technologies could be further promoted and applied to various industries, thereby enhancing their ability to counter cyberattacks. On the other hand, the Hong Kong Monetary Authority (HKMA) indicated in May last year that it would work with the Hong Kong Association of Banks and ASTRI to establish the Cyber Intelligence Sharing Platform (Intelligence Platform) by the end of 2016 for sharing cyber threat intelligence among various banks through the platform in order to enhance collaboration among banks, thereby uplifting the overall cyber resilience of the banking industry of Hong Kong. In this connection, will the Government inform this Council:
 
(1) as it has been reported that the aforesaid private company was set up by a former director of ASTRI prior to his departure, whether the Government knows if ASTRI, in vetting and approving the application from the company for the licence to use SecShare, had consulted the Innovation and Technology Bureau and the Independent Commission Against Corruption in order to prevent conflicts of interests; if ASTRI had not, the reasons for that; and

(2) whether it knows the organisation to be responsible for managing the Intelligence Platform; how HKMA will monitor the work of that organisation?
 
Reply:
 
President,
      
     Our reply to the two parts of the question is as follows:
 
(1) The non-exclusive technology licensing of the CyberSecurity Information Sharing Platform granted to a company founded by a former staff member (the staff member) of the Hong Kong Applied Science and Technology Research Institute Company Limited (ASTRI) last year was vetted and approved in accordance with established procedures of ASTRI, including review by a Committee under the Board of Directors of ASTRI (the Board). Members of the Committee include members of the Board, and representatives of the Innovation and Technology Commission as well as the ASTRI management. The licensing was non-exclusive in nature and all interested companies or individuals could negotiate with ASTRI for using the software concerned. In fact, ASTRI has negotiated with a few different companies on the licensing of the software concerned.
      
     After thorough consideration, the Committee determined that the case did not involve any misconduct or conflict of interest and that the licensing was also in line with the mission of ASTRI, including transferring of technologies to the industry, nurturing of technological talents and technology entrepreneurs. The Committee therefore supported the licensing application. The Committee however requested that the negotiation of the detailed terms and conditions of the proposed licensing should only be conducted after the staff member had left ASTRI.
      
     ASTRI has already sought advice from the Independent Commission Against Corruption (ICAC) when formulating its mechanism for preventing conflict of interest, including the Employee Code of Conduct, procedures on declaration of interest and all relevant documents, etc. ASTRI would not consult ICAC on any specific case.
 
(2) Regarding the Cyber Intelligence Sharing Platform mentioned in the question, ASTRI was granted in October last year funding support under the Innovation and Technology Fund to conduct a project titled Cyber-Security Assessment System for Financial and Securities Institutes for the research and development of a cyber security intelligence exchange platform among financial institutions for use by banks. The project was supported by the Hong Kong Monetary Authority (HKMA), with sponsorship from the Hong Kong Association of Banks. ASTRI is responsible for developing and managing the R&D project, which is expected to be completed in full by October 2018. In accordance with the funding mechanism, ASTRI should report project progress and submit reports to the Innovation and Technology Commission.
      
     Neither ASTRI nor the project concerned is regulated by HKMA.

Ends/Wednesday, January 11, 2017
Issued at HKT 15:00
