The Hong Kong government is planning a new law designed to make the operators of public utilities and other crucial infrastructure step up security against cyber attacks.

The move was announced on Wednesday during Chief Executive Carrie Lam’s last policy address of her current term, confirming earlier media reports.

Workers handing out copies of the latest Policy Address on a footbridge to the government headquarters on October 6, 2021. Photo: Candice Chau/HKFP.

The Security Bureau and the Innovation and Technology Bureaus are conducting a joint study, paving the way for a legal framework that will require compliance from private companies, statutory bodies and government departments on cybersecurity, government sources told HKFP.

Hong Kong has seen a series of cybersecurity attacks, such as when a local airline’s cache of client data was stolen, or when the Hospital Authority saw its patients’ data hacked. Authorities want to strengthen defences against similar incidents.

While it has yet to be determined which infrastructure or companies are considered critical, they may include public utilities, internet service providers and transport, the sources said.

Operators will be asked to strengthen their own information system’s security, for example by drawing up security guidelines, contingency plans, or incident reporting mechanisms in accordance with the law.

The law will offer a macro framework that will regulate companies and institutions instead of personal behaviour, the sources said.

It will consider similar legislation elsewhere such as in mainland China, which implemented cybersecurity laws in 2017, and Macau, which brought in a law in 2019.

Support press freedom & help us surpass 1,000 monthly Patrons: 100% independent, governed by an ethics code & not-for-profit, Hong Kong Free Press is #PressingOn with impartial, award-winning, frontline coverage.

Selina Cheng

Selina Cheng is a Hong Kong journalist who previously worked with HK01, Quartz and AFP Beijing. She also covered the Umbrella Movement for AP and reported for a newspaper in France. Selina has studied investigative reporting at the Columbia Journalism School.