Hong Kong Secretary for Innovation and Technology Alfred Sit discusses how potential cyber-attacks will be mitigated.
During Hong Kong Legislative sitting, Dr Johnny Ng, MH, member of CPPCC, Legco member of Hong Kong SAR brought up reports “that potential geopolitical changes, potential sanctions on the Chinese Government, including cutting off the export of certain technological products to China and banning China’s use of such products could possibly affect Hong Kong”.
Dr Ng stated there could even be “hackers in western countries waiting for opportunities to launch cyber-attacks on China in attempts to affect the operation of the Chinese Government and related organisations”, and thereby potentially affecting Hong Kong.
According to Hong Kong Secretary for Innovation and Technology Alfred Sit the Government attaches great importance to information security, including cyber security. We have been tackling information security issues through a multi-pronged strategy to mitigate the risks brought by cyber threats.
Bureaux and departments (B/Ds) actively implement multiple layers of security measures to monitor, detect and block potential malicious attacks on their information systems and networks, and take commensurate measures promptly to ensure the security of the Government’s systems and data.
“We also closely collaborate with related organisations and departments to enhance the overall defence capability and resilience of Hong Kong against cyber-attacks and strive to build Hong Kong as a safe and secure smart city,” stated Sit.
According to Sit the Government has been closely monitoring the trends of cyber-attacks and the associated security threats around the world to ensure the continuity of normal operation of the Government’s systems and services.
In procuring information technology (IT) equipment products, Government departments place high importance to the relevant security standards and the support services offered by the suppliers in addition to functionality and compatibility.
Hong Kong also reminds departments to procure IT and communication products from diverse sources to manage the risks of potential restriction imposed on technology products.
Considering targeted and organised cyber-attacks on a global scale, the Office of the Government Chief Information Officer (OGCIO) has formulated a comprehensive set of Government IT Security Policy and Guidelines (Policy and Guidelines), which are reviewed and updated regularly with reference to the latest international standards and industry best practices.
All B/Ds must abide strictly by the Policy and Guidelines to ensure the security of government data and information systems. The OGCIO also regularly conducts compliance audits for B/Ds to ensure the compliance of their information systems with relevant security requirements.
On technical aspect, the Government commits itself to the overall information security measures to respond to all types of cyber security threats. Leveraging on modern cloud technologies, the Government launched the Next Generation Government Private Cloud Infrastructure Platform in September 2020 to provide a more secure, reliable, and scalable infrastructure for the digital government services of different departments.
The platform has so far supported over 350 digital government services. At present, the government websites and systems have adopted multiple layers of security measures including data encryption, firewalls, content delivery networks, scrubbing function, intrusion detection and prevention systems against distributed denial of service (DDoS), anti-malware software, endpoint protection solutions and real-time monitoring tools, to detect, block and tackle different types of security threats. In addition, the Government also implements spam filtering systems to tackle malicious email attacks.
On the other hand, to respond to emergency incidents effectively, the OGCIO has established the Government Computer Emergency Response Team Hong Kong to assist and co-ordinate departments in handling the work of computer emergency response and incidents. The OGCIO also organises the Inter-departmental Cyber Security Drill annually to strengthen the capability of government departments in defending and responding to cyber security incidents.
Meanwhile, the Government attaches great importance to the co-operation and information sharing with the Mainland and other regions on cyber security in order to respond to the cyber security threats in a prompt and timely manner. The OGCIO has also joined the Forum of Incident Response and Security Teams and the Asia Pacific Computer Emergency Response Team, etc, and is working closely with the National Computer Network Emergency Response Technical Team/Coordination Centre of China on exchanges, co-operation, and notifications of cyber security intelligence. We also actively participate in related activities organised by these organisations.
A safe business environment is crucial for fostering economic development, prosperity, and stability. Critical infrastructures are of great significance to the normal operation of the society. If the information systems, information networks or computer systems of the crucial infrastructures are being disrupted or sabotaged, the normal operation of their main facilities may be affected, and will seriously jeopardise the economy, people’s livelihood, public safety, and even national security.
The increase in cyber-attacks in recent years has brought substantial challenges to the cyber security of critical infrastructures around the world. Currently, Hong Kong does not have specific legal requirements on the cyber security of critical infrastructure. Therefore, in addition to industry best practices as well as guidelines and requirements on cyber security imposed by individual regulatory authorities, the Government is currently making preparatory work to clearly define the cyber security obligations of operators of critical infrastructure through legislation, with a view to strengthening the cyber security of critical infrastructure in Hong Kong. In formulating relevant cyber security standards, reference will also be made to standards adopted by other jurisdictions and around the world. The Government intends to launch a public consultation exercise by the end of this year.