Support
About Us
LoginContact Sales
EN
UD Blockchain
InfiniAI
Security
Cloud Server
Network
Cloud Hosting
Domain
Solution
UD Blog
LoginContact Sales
Support
About Us
EN
UD Blockchain
InfiniAI
Security
Cloud Server
Network
Cloud Hosting
Domain
Solution
UD Blog

UD Blog

Unveiling Perspectives and Delivering Insights Related to Tech

[Official Document Included] Introduction to "Legislative Framework to Enhance Protection of the Computer Systems of Critical Infrastructure”

Insight
cybersecurity網絡安全
2024-06-27

 

This article introduces the proposed legislative framework by the Legislative Council Panel on Security on "Enhance Protection of the Computer Systems of Critical Infrastructure”. This document details the legislative background, objectives, proposed contents, and implementation plans of the framework.

 

Legislative Background

Critical infrastructure refers to facilities essential for maintaining the normal functioning of society, such as banks, financial institutions, communication networks, power supply facilities, and railway systems. If the computer systems of these facilities suffer cyberattacks, it could have severe societal impacts. Therefore, strengthening the security of these facilities' computer systems is crucial.

 

Global Legislative Trends

As cyberattacks targeting critical infrastructure continue to occur globally, many countries and regions have enacted corresponding laws to enhance protection. For instance, Mainland China, the Macao Special Administrative Region, Australia, the European Union, Singapore, the United Kingdom, and the United States have all established relevant legislation to protect critical infrastructure security.

 

Legislative Needs in Hong Kong

Currently, Hong Kong has no statutory requirements for protecting the computer systems of critical infrastructure. However, with the rapid development of information and communication technology, these facilities increasingly rely on the internet and computer systems, making them more susceptible to cyberattacks. Therefore, it is necessary to enact relevant laws to strengthen the protection of these facilities, thereby enhancing the overall security of Hong Kong's computer systems.

 

Proposed Legislative Framework

Based on Hong Kong's specific situation and referencing practices from other jurisdictions, the Legislative Council Panel on Security proposed drafting a new law, tentatively named the "Critical Infrastructure Protection (Computer Systems) Bill." The primary objective of this bill is to mandate that operators of critical infrastructure assume statutory responsibility and take appropriate measures to enhance the security capabilities of their computer systems, thereby reducing the impact of cyberattacks on essential services.


Regulatory Scope and Targets

The Legislative Council Panel on Security propose that the proposed bill should cover the following two major categories of critical infrastructure:

Infrastructure Providing Essential Services: such as energy, information technology, banking and financial services, land transport, aviation, maritime, healthcare, and communication and broadcasting.

Infrastructure Supporting Important Social and Economic Activities: such as large sports and performance venues, research parks, etc.

Only operators of clearly designated critical infrastructure and their critical computer systems will be regulated. Operators must establish a professional computer system security management department responsible for developing and implementing a computer system security management plan.

 

Responsibilities of Operators

The responsibilities of operators are primarily divided into three categories:

Structure: Operators must have an address and office in Hong Kong, report changes in ownership and operational rights of the infrastructure, and establish a dedicated department responsible for computer system security.

Prevention: Operators must develop and implement a computer system security management plan, conduct regular risk assessments and security audits, and ensure their critical computer systems comply with relevant statutory requirements.

Incident Reporting and Response: Operators must participate in regular computer system security exercises and promptly report and respond to computer system security incidents.

 

Conclusion

By enacting the "Critical Infrastructure Protection (Computer Systems) Bill," Hong Kong will be able to enhance the security of critical infrastructure computer systems, ensuring the stable operation of essential services, thereby consolidating its good business environment and status as an international financial center.
 

For any cybersecurity issues or inquiries, please contact UD Network Security Experts.

UD offers professional and reliable cybersecurity solutions and services. Our team of network security experts hold certifications such as OSCP and GWAPT, and have many years of experience in the field. We have provided services to major enterprises, financial institutions, NGOs, and other organizations.

Enquire Now
Full Document

 

UD Blockchain Newsletters

The smart way to stay informed on how blockchain, cryptocurrencies and digital assets are transforming global business!

unBLOCK the future unCHAIN opportunities
LinkedIn
BlockchainInfiniAISecurityCloud ServerNetworkCloud HostingDomainSolution
UD BlogAbout UDContact UsSupport
Blockchain
InfrastructureDevelopmentNFTBlockchain Security
InfiniAI
AI Traffic MagnetAI Lead GeniusAI UMail AssistantPrivate Mini AIAI Chatbot Master
Security
MSSPSRAAPenetration TestPhishing Email TestVulnerability ScanningSSL Certificate
Cloud Server
Managed Cloud ServerMulti-Cloud SolutionOpenCloudDedicated ServerServer Colocation
Network
Global CDNChina CDNHong Kong CDNVideo CDNDynamic CDNSmart CDN
Cloud Hosting
Cloud Hosting & EmailCloud Email HostingCloud StorageDomain Registration
Solution
Live StreamingWeb DesignEmail MarketingDIY Site BuilderSMS Marketing PlatformChina Solution
UD
About UDContact UsPaymentSupportUD Blog
Copyright © 1998 - All rights reserved. UDomain Web Hosting Company Limited Privacy | Terms APNIC AS No. 23881, OFCA ISP & IVANS No. 1117
UDomain Whatsapp