Interview with Dr. Frank Tong – Chief Executive Officer and Dr. Duncan Wong – Vice President, Financial Technologies of the government-funded Hong Kong Applied Science and Technology Research Institute (ASTRI) – Part III
Discover the third and last part of Sia Partners’ interview with Dr. Frank Tong, CEO of ASTRI, and Dr. Duncan Wong, Vice President, Financial Technologies of ASTRI, who shared their view on the current cybersecurity landscape, development, and what ASTRI can do to contribute to the HK industry.
Sia Partners (S.P.): The HKMA launched the CFI at the Cyber Security Summit 2016 on in May and has issued a consultation paper on the Cyber Resilience Assessment Framework (CRAF) which is expected to receive the industry feedback by the end of Aug 2016. This could create additional challenges to banks in term of risk management and regulatory compliance. How do banks, especially small-to-mid sized banks that do not have abundant resources compared to larger banks, meet these challenges?
Duncan Wong (D.W.): We are developing the Cyber Intelligence Sharing Platform for the banking industry, there will be 157 banks on this platform. For small-to-mid sized banks, we will encourage them to go into the platform to learn about the latest cyber threat intelligence. They are going to benefit a lot from this first-hand information, so that the platform can enhance cybersecurity readiness for the entire industry. Of course, the bigger banks have more resources so they are going to contribute more in this platform. Ultimately, it is going to be the effort of the entire industry to contribute to this platform. The small-to-mid sized banks can seek support and work closely with the cybersecurity industry such as consulting firms or penetration testing companies. Overall, it is a process to start from the awareness, enhance the readiness, and finally get them more involved.
(S.P.): The HKMA is working with the ASTRI and the Hong Kong Institute of Bankers (HKIB) on the design structure of the Professional Development Programme, targeting to roll it out by the end of this year. What would you suggest the banks and professional firms do to prepare this programme?
(D.W.): Many of them have already been working with us closely including HKMA and HKIB, there are several regular sessions and we are having very active sessions with banks and other stakeholders. We believe the society is ready for setting the standards on the professional development for cybersecurity.
Frank Tong (F.T.): We are negotiating that the qualification issued from the HKIB will be mutually recognized by other countries. We have discussed with Singapore, some of South East Asia countries and United Kingdom etc. We believe that this is a very powerful qualification because once you are certified in HK, you can also be recognized all over the world.
ASTRI is only the technology arm of HK, we cannot fulfill the entire ecosystem. However, we will work together with HKMA, Hong Kong Association of Banks (HKAB), HKIB and also other industries and partners to establish HK as a better place for cybersecurity. This also helps industries better position themselves with China and rest of the world. Cybersecurity is indeed a mega project for HK at this moment.
Development in Cybersecurity
(S.P.): How well is Hong Kong doing in Cybersecurity compared with other major financial centres such as New York, London and Singapore? What Hong Kong should do to catch up global standard for Cybersecurity?
(D.W.): HKMA is a driving seed and encouraging the industry to set the standard for cybersecurity, but HK in general needs to do a lot more in cybersecurity especially from other sectors. Nowadays, not just New York City or London, if you look at Israel, they are also focusing a lot on cybersecurity, especially on utilities and critical infrastructure. Other countries are also trying to enhance the cybersecurity profile for airports, electricity and smart grids etc.
(F.T.): Cybersecurity is one of the cornerstones of FinTech. Recently, a professional firm has published a report to rank seven cities as potential FinTech hubs, HK was ranked as 7th, which is the lowest rank. Compared with Singapore, there are many FinTech initiatives and consortiums. The Singapore government is very proactive. For example, “Global FinTech Hackcelerator” program is launched which has solicited 100 technology problem statements from the financial industry. They have the Agency for Science, Technology and Research (ASTAR) which is much bigger than ASTRI, even they have less population than HK. Singapore has spent a lot of effort to position itself as the APAC FinTech hub.
Those international financial centres such as New York, London, are all associated with the FinTech hub. In order to catch up as a FinTech hub, we need a coherent and holistic approach for R&D in HK. For education, we need to address the mismatch issue, develop relevant programs that are required by the industry. In addition, HK will need to continue to develop the local talents.
(S.P.): In the long term, what do you foresee the Cybersecurity development in Hong Kong? How can ASTRI contribute in the industry along the development?
(F.T.): At ASTRI, we have set FinTech as one of the most important initiatives and identified the areas we should work on. Within cybersecurity, we have a few initiatives. We launched the cybersecurity conference which was well received. Around 900 people attended the conference, and we had invited speakers from FBI, homeland security, Interpol and other experts over the world.
In addition to the conference, we have setup the ASL last May. ASTRI is working with the Hong Kong Police Force on the “CyberRange” program to simulate cyber-attacks where you will have two teams, one is in offensive and the other is in defensive to simulate and research cyber-crime cases. We are building the Cyber Intelligence Sharing for CFI. We also provide training and necessary infrastructure to people in the industry. Furthermore, we have R&D programs for cybersecurity including encryption program, decryption program and processing in the cloud space.
At last, cybersecurity will extend beyond the financial sector. ASTRI continues to conduct R&D in cybersecurity, develop talents, increase awareness and work closely with the Government, regulators and industries in this aspect.
Link to other parts of the interview:
Copyright © 2016 Sia Partners. Any use of this material without specific permission of Sia Partners is strictly prohibited.