
- Proposed Legislative Framework to Enhance Protection of the Computer Systems of Critical Infrastructure (https://www.legco.gov.hk/yr2024/english/panels/se/papers/se20240702cb2-930-3-e.pdf)
- Legislate for Cybersecurity of Critical Infrastructure
23. To address the increasing risks of cyber-attacks globally, the Government is working to enhance the cybersecurity of our critical infrastructure, including energy, telecommunications, transportation, financial institutions, etc. We will introduce a bill into the Legislative Council (LegCo) for this purpose in 2024 (https://www.policyaddress.gov.hk/2023/en/p21.html)
The Security Bureau seeks to make critical infrastructure operators (CIOs) responsible for securing their Critical Computer Systems (CCSs) and plugging potential security loopholes, so that personal data and business information do not leak.
8 sectors of essential services are included: energy; information technology; banking and financial services; land transport; air transport; maritime; healthcare services; and communications and broadcasting.
CIOs have to formulate and implement a computer system security management plan and submit the plan to the newly established Commissioner’s Office, which implements the Security Bureau's proposed legislation on strengthening the protection of critical infrastructure computer systems.
For CIOs that fail to formulate and implement a computer system security management plan, or that have not conducted a system security risk assessment according to the standard, the maximum fine will be up to HK$5,000,000.