• 11/26/2024

Key computer system operators to be kept confidential under proposed cybersecurity law, security chief says

Hong Kong Free Press

Critical computer system operators confidential under proposed cybersecurity law, security chief says

The names of companies behind critical computer systems to be covered under a proposed cybersecurity legislation will not be publicised to prevent them from being targeted, Hong Kong’s security minister has said.

Secretary for Security Chris Tang speaks in Hong Kong's Legislative Council Chamber before lawmakers vote to pass new security legislation, on March 19, 2024. Photo: Kyle Lam/HKFP.
Secretary for Security Chris Tang speaks in Hong Kong’s Legislative Council Chamber before lawmakers vote to pass new security legislation, on March 19, 2024. Photo: Kyle Lam/HKFP.

Authorities last week proposed a bill to fine critical computer system operators up to HK$5 million for lapses in cybersecurity.

The Protection of Critical Infrastructure (Computer System) Bill is expected to cover eight sectors: energy, information technology, banking and financial services, land transport, air transport, maritime, communications and broadcasting, and healthcare services.

See also: Hong Kong urged to improve accountability after two more gov’t data breaches

Essential services provided by the government, meanwhile, are regulated by a separate set of existing guidelines.

The Security Bureau will launch a month-long public consultation this month, and aims to introduce the bill to the legislature by the end of the year.

Targets

Speaking at the Legislative Council on Tuesday, Secretary for Security Chris Tang said that the industries to be covered under the legislation have, in principle, supported enacting legislation, and unanimously agreed that safeguarding the security of computer systems was a common responsibility.

Computer programmer
A computer programmer typing on the keyboard. File photo: Wikicommons.

But the names of companies to be covered by the legislation could not be named, he said. “If we name them, there is a concern that those organisations could become targets of terror attacks.”

“This is an international standard,” he said, adding that the bureau had referred to other jurisdictions’ legislative directions to formulate a model suitable for the city.

Only large-scale organisations would be covered under the legislation, while small and medium-sized enterprises and individuals would not be affected, he added.

Tang also added that the law aimed to urge operators to enhance the security of their computer systems rather than penalise them, hence the fine, which could range from HK$500,000 to HK$5 million.

LegCo legislative council
The Legislative Council. Photo: Lea Mok/HKFP.

“However, if an individual is involved in an offence under the existing Criminal Ordinance, such as making false statements or exercising false documents, the person concerned may be held liable for criminal offences,” he said.

Several official bodies, including government departments, have seen potential data breaches in recent months. Last month, personal data of over 20,000 staff and students at the Chinese University of Hong Kong (CUHK) was stolen after a server at one of the institution’s schools was hacked.

Tang said he expected a commissioner’s office in charge of the legislation to be made up of 40 to 50 people from government bodies including the Office of the Government Chief Information Officer and the police force’s Cyber Security and Technology Crime Bureau.

Support HKFP  |  Policies & Ethics  |  Error/typo?  |  Contact Us  |  Newsletter  | Transparency & Annual Report | Apps

Help safeguard press freedom & keep HKFP free for all readers by supporting our team

TRUST PROJECT HKFP
SOPA HKFP
IPI HKFP
contribute to hkfp methods

Support press freedom & help us surpass 1,000 monthly Patrons: 100% independent, governed by an ethics code & not-for-profit.

https://hongkongfp.com/2024/07/02/key-computer-system-operators-to-be-kept-confidential-under-proposed-cybersecurity-law-security-chief-says/