Cyber security legislation proposed

May 25, 2022

The Government is carrying out the preparatory work to clearly define the cyber security obligations of critical infrastructure operators through legislation, with a view to strengthening the cyber security of this infrastructure in Hong Kong.


Secretary for Innovation & Technology Alfred Sit made the remarks when answering questions from lawmaker Johnny Ng in the Legislative Council today, saying that a public consultation exercise is expected to be launched by the end of this year.


He emphasised that critical infrastructure is of great significance to the normal operation of society. If information systems, networks or computer systems are disrupted or sabotaged, the operation of major facilities may be affected and this will seriously jeopardise the economy, people's livelihood, public safety and even national security.


Noting that the increase in cyber attacks in recent years has brought substantial challenges to the cyber security of critical infrastructure around the world, Mr Sit said Hong Kong does not have specific legal requirements on the cyber security of such infrastructure.


Therefore, in addition to industry best practices as well as guidelines and requirements on cyber security imposed by individual regulatory authorities, the Government is making preparations to clearly define the cyber security obligations of critical infrastructure operators through legislation in order to enhance the cyber security of critical infrastructure in the city.


It will also refer to the cyber security standards adopted worldwide and by other jurisdictions in formulating relevant standards.


Mr Sit stressed that the Government has been closely monitoring the trends of cyber attacks and the associated security threats around the globe.


The Office of the Government Chief Information Officer has formulated a comprehensive set of Government IT Security Policy & Guidelines which are reviewed and updated regularly. All bureaus and departments must strictly abide by the policy and guidelines to ensure the security of government data and information systems.


Moreover, government websites and systems have adopted multiple layers of security measures to detect, block and tackle different types of security threats.

Back to top