Hong Kong 2024 Cybersecurity Legislation: What You Need to Know
As of August 2024, Hong Kong has taken significant steps toward strengthening its cybersecurity framework, particularly focusing on critical infrastructure. This post explores the recent developments, legislative proposals, and the broader context of cybersecurity in Hong Kong based on a comprehensive research report.
Legislative Background
Current State of Cybersecurity Legislation
Historically, Hong Kong has lacked specific cybersecurity legislation targeting critical infrastructures (CIs). This absence is particularly noticeable compared to measures enacted by Mainland China, Singapore, and Australia.
Legislative Developments
The initiative for cybersecurity legislation was first announced in the Chief Executive’s policy address in October 2022. Extensive consultations with various stakeholders resulted in a discussion paper on the proposed legislative framework being presented to the Legislative Council Panel on Security by June 2024.
Proposed Cybersecurity Legislation
Protection of Critical Infrastructure (Computer System) Bill
On June 25, 2024, the Hong Kong government proposed the "Protection of Critical Infrastructure (Computer System) Bill." This bill aims to protect computer systems of critical infrastructures and imposes statutory obligations on CI operators (CIOs).
Key Components
1. Scope and Targets: Focuses on critical infrastructures and their computer systems.
2. Obligations of CIOs: Divided into three categories:
- Organisational: Developing a robust cybersecurity framework.
- Preventive: Implementing measures to prevent cyberattacks.
- Incident Reporting and Response: Promptly reporting and responding to cyber incidents.
3. Commissioner’s Office: To be established under the Government’s Security Bureau for oversight.
4. Penalties: Non-compliance can lead to fines between HK$500,000 to HK$5 million, with additional daily fines for persistent non-compliance.
5. Appeal Mechanism: Provisions for appealing decisions made under the legislation.
Timeline
The Security Bureau plans to consult relevant sectors for a one-month period, introduce the Bill to the Legislative Council by the end of 2024, establish the Commissioner’s Office within a year of passage, and enforce the legislation six months later.
Cybersecurity Threat Landscape
Summary of Cybersecurity Incidents in 2023
HKCERT reported handling 7,752 security cases in 2023, with nearly 48% being phishing attacks. This number marked a 27% increase from 2022, targeting mainly the banking, finance, e-payment, and e-commerce sectors.
Emerging Threats
New threats include AI exploitation by hackers, emphasizing the need for a heightened cybersecurity awareness and response readiness
Ransomware Attacks
Ransomware attacks, involving unauthorized access, data theft, and ransom demands, are increasingly common. Proactive measures are crucial to mitigate these threats.
Broader Context and Comparisons
Regional and International Comparisons
Hong Kong's proposed legislation is similar to laws in Mainland China, Singapore, and Australia, all designed to protect critical infrastructure from cyber threats and ensure service resilience.
National Security Considerations
Influenced by Article 9 of the National Security Law, the legislation aims to safeguard national security by strengthening cyber regulation.
Conclusion
The proposed Protection of Critical Infrastructure (Computer System) Bill marks a critical advancement in Hong Kong’s cybersecurity efforts. It seeks to fortify CI against cyber threats, align with international standards, and address national security concerns. As the government consults with stakeholders to refine the legislation, it is crucial for Hong Kong's organizations to prepare for new cybersecurity obligations.
How Test Collab Can Help
Test Collab supports teams in building necessary checklists, sharing compliance-related tasks, and tracking performance. By providing tools to ensure adherence to new cybersecurity regulations, Test Collab helps organizations stay compliant and secure in this evolving landscape. Explore Test Collab to learn more about our solutions for cybersecurity readiness