Protecting the security of computer systems in critical facilities (Fang Baoqiao) – EJ Tech

This articleauthorFang BaoqiaoHe is the Honorary President of the Hong Kong Information Technology Industry Association and writes a column for the Hong Kong Economic Times.“Kami Shingo”.

With the rapid development of technology, Hong Kong’s social operations are increasingly dependent on the Internet and computer systems, especially critical infrastructure that provides essential services, including financial institutions, communications, power supply, railway systems, etc. Once they are attacked by cyber attacks, they will have a serious impact on social operations.

Many countries and regions are now aware of this and have enacted legislation to protect it. For example, Mainland China, Macau, Australia, the European Union, Singapore, the United Kingdom and the United States have all enacted relevant laws to protect critical infrastructure from cyber attacks. After the implementation of the new laws, the ability of countries to respond to cyber threats will be effectively improved, reducing economic and social losses caused by cyber attacks.

As an international financial center and an important global economic hub, Hong Kong also needs to protect the computer systems of its infrastructure. Cyber ​​threats are increasing, and Hong Kong needs to establish a clear legal framework to regulate the responsibilities of operators of critical infrastructure and ensure that they can establish a sound security management system, formulate computer system security plans, incident response plans, and conduct regular risk assessments and cybersecurity exercises.

The legislative framework proposed by the government will clearly stipulate that only designated “critical infrastructure operators” and their “critical computer systems” will be regulated. Most of the regulated will be large institutions, and small and medium-sized enterprises and individuals will be basically unaffected. Operators need to establish a computer system security management department with professional knowledge, formulate and implement computer system security plans, conduct regular risk assessments and security audits, and participate in computer system security exercises. In addition, operators must ensure that the systems of third-party service providers meet relevant statutory requirements.

Operators must report security incidents of “critical computer systems” within the prescribed time and submit detailed incident reports. In addition, operators need to formulate emergency plans to ensure that they can effectively respond to emergencies. The Hong Kong government will set up a dedicated office under the Security Bureau to be responsible for the implementation of the proposed regulations. The functions of the dedicated office include specifying “critical infrastructure operators” and their “critical computer systems”, monitoring computer system security threats, and assisting in responding to security incidents.

The legislative framework for protecting the security of computer systems in critical infrastructure is an important measure to ensure the normal operation of Hong Kong society and a good quality of life for citizens. By establishing a clear legal framework, regulating the responsibilities of operators, and enhancing cyber security protection capabilities, Hong Kong will be better able to cope with the increasingly severe cyber threats. It is hoped that all stakeholders will actively respond during the consultation period later to lay a more solid security foundation for Hong Kong’s future.

More articles by Fang Baoqiao:

Support EJ Tech

If you want to submit articles, report information, publish press releases or interview notices,Click here to contact us.