In a bid to bolster cybersecurity across critical sectors, Hong Kong’s government has put forth a new legislative proposal aimed at safeguarding infrastructures deemed essential to societal and economic functions. The initiative, unveiled on Tuesday by the Security Bureau, targets operators of key facilities like banks, transportation networks, and healthcare providers, mandating stringent cybersecurity measures and incident reporting protocols.
According to the proposal submitted to the Legislative Council, critical infrastructures encompass facilities vital for Hong Kong’s daily operations, classified into two main categories. The first category includes entities delivering essential services across energy, information technology, banking, transportation (land, air, maritime), healthcare, and communications sectors. The second category extends to infrastructures supporting significant societal and economic activities, such as major sports venues.
Key provisions of the proposed legislation mandate operators to establish dedicated computer system security management units, conduct annual security risk assessments, and commission independent security audits biennially. Furthermore, operators must promptly report serious cybersecurity incidents within two hours of detection. Non-compliance could result in substantial fines ranging from HK$500,000 to HK$5 million.
To oversee adherence to these requirements, a new commissioner’s office under the Security Bureau will be established. This office will monitor operators’ compliance and enforce penalties for violations.
Addressing public concerns, Security Minister Chris Tang clarified in a Facebook post that the legislation primarily targets large organizations rather than individual users. He emphasized that the proposal aims to safeguard cybersecurity without compromising internet freedom.
The legislative framework is set for initial discussion in a security panel meeting on July 2, with a subsequent month-long consultation period slated to gather feedback from stakeholders. The Security Bureau aims to formally introduce the bill to the Legislative Council by the end of 2024.
The proposal marks a proactive step by Hong Kong authorities to fortify cybersecurity amidst growing threats, ensuring resilience against potential disruptions to critical infrastructures vital to the city’s functioning.
Related topics: