{"id":5378,"date":"2024-07-03T18:36:13","date_gmt":"2024-07-03T10:36:13","guid":{"rendered":"https:\/\/www.boasecohencollins.com\/?p=5378"},"modified":"2024-07-03T18:36:15","modified_gmt":"2024-07-03T10:36:15","slug":"first-cybersecurity-law-in-pipeline","status":"publish","type":"post","link":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/","title":{"rendered":"First cybersecurity law in pipeline"},"content":{"rendered":"\n<p><strong>By Claire Chow<\/strong><\/p>\n\n\n\n<p><strong>Hong Kong, 3 July 2024:<\/strong> Authorities are paving the way for Hong Kong\u2019s first cybersecurity legislation, seeking to regulate the protection of computer systems in sectors which are essential to the smooth running of the city. Operators of such systems will be required to ensure their integrity and reliability, while a new Commissioner\u2019s Office will oversee the regime and ensure implementation. Significant fines may be imposed on organisations which fail to comply.<\/p>\n\n\n\n<p>The measures are contained in the <a href=\"https:\/\/www.legco.gov.hk\/yr2024\/english\/panels\/se\/papers\/se20240702cb2-930-3-e.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Protection of Critical Infrastructure (Computer System) Bill<\/a>, details of which were given to the Legislative Council\u2019s Panel on Security this week. A month-long public consultation is imminent, with the bill expected to be brought before the full LegCo by the end of this year.<\/p>\n\n\n\n<p>So-called critical infrastructures (CIs) are the facilities necessary for the maintenance of normal functioning of society, such as financial institutions, healthcare systems, telecoms services, power supplies and transport networks. The computer systems at the heart of these need safeguarding from breakdowns or cyberattacks.<\/p>\n\n\n\n<p>There have been numerous incidents overseas in which major institutions or corporations have been seriously disrupted by hackers. In 2021, a fuel pipeline operator suffered a ransomware attack that hindered nearly half the fuel supply on the US east coast. Earlier this year, a data centre in Sweden was attacked by hackers, disrupting government operations.<\/p>\n\n\n\n<p>Synnovis (NHS England\u2019s pathology services provider) was also subject to a ransomware attack by Qilin (the Russian cyber-criminal group) only last month in which thousands of hospitals and appointments were disrupted. Publication of the stolen data included patient names, NHS numbers and blood test descriptions. The incident also forced the NHS to issue an urgent message to people with universal blood types to donate as the attack affected hospitals\u2019 ability to match patients\u2019 blood.<\/p>\n\n\n\n<p>Here in Hong Kong, medical services were similarly affected by a recent ransomware attack on the computer system of Union Hospital, though the hospital has stated that no leakage of patient data was found.<\/p>\n\n\n\n<p>The government is proposing two categories of CIs. First, those delivering essential services in eight sectors: energy, IT, banking and financial services, land transport, air transport, maritime, healthcare, and communications and broadcasting. Second, those maintaining important societal and economic activities such as major sports and performance venues, research and development parks, and the like.<\/p>\n\n\n\n<p>The proposed regime will apply only to designated CI operators (CIOs) \u2013 in other words, large organisations and institutions \u2013 and then only to their critical computer systems. In line with similar legislation in other jurisdictions, the identities of CIOs will not be made public in order to shield them from becoming potential attack targets.<\/p>\n\n\n\n<p>Essential services provided by the government, such as water supply and drainage relief, are not covered by the bill. These will remain regulated via an administrative approach under the internal Government Information Technology Security Policy and Guidelines.<\/p>\n\n\n\n<p>Once designated by the Commissioner\u2019s Office, CIOs will be required to: appoint a dedicated team with professional knowledge to manage cybersecurity; formulate and carry out a computer system security management plan and submit it for scrutiny; conduct a computer system security risk assessment once a year and undergo an independent audit every two years. Further, CIOs will be obligated to take part in a computer system security drill organised by the Commissioner\u2019s Office every two years.<\/p>\n\n\n\n<p>In the event of extremely serious security issues, CIOs must notify the Commissioner\u2019s Office within two hours. Lower-level security incidents should be reported within 24 hours. It is proposed that fines for non-compliance with any aspect of the new regime should range from HK$500,000 up to HK$5 million, with additional daily fines in the event of continuing breaches. It is also worth noting that while some companies outsource IT operations or management to third-party contractors, CIOs will ultimately be liable.<\/p>\n\n\n\n<p>In conclusion, the new cybersecurity legislation should be viewed as essential in protecting the core facilities that keep Hong Kong running smoothly. Clearly, cyberattacks can have serious and life-threatening consequences. We await with interest the final version of the bill, which will give potential CIOs a clearer picture of their obligations. In the meantime, organisations likely to be designated as such are strongly advised to review their existing cybersecurity arrangements and prepare for the new regime.<\/p>\n\n\n\n<p><strong>Claire Chow is an Associate with BC&amp;C, having joined the firm in 2019. She covers a broad range of practice areas including Civil and Commercial Litigation, and Judicial Review. She can be contacted at <\/strong><a href=\"mailto:Claire@boasecohencollins.com\"><strong>Claire@boasecohencollins.com<\/strong><\/a><strong>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Claire Chow Hong Kong, 3 July 2024: Authorities are  [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5375,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54],"tags":[],"class_list":["post-5378","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-54"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>First cybersecurity law in pipeline - \u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"First cybersecurity law in pipeline - \u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c\" \/>\n<meta property=\"og:description\" content=\"By Claire Chow Hong Kong, 3 July 2024: Authorities are [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/\" \/>\n<meta property=\"og:site_name\" content=\"\u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-03T10:36:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-03T10:36:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.boasecohencollins.com\/wp-content\/uploads\/CyberLaw_PHOTO.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1202\" \/>\n\t<meta property=\"og:image:height\" content=\"567\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Niall Donnelly\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"Niall Donnelly\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/\",\"url\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/\",\"name\":\"First cybersecurity law in pipeline - \u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c\",\"isPartOf\":{\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.boasecohencollins.com\/wp-content\/uploads\/CyberLaw_PHOTO.jpg\",\"datePublished\":\"2024-07-03T10:36:13+00:00\",\"dateModified\":\"2024-07-03T10:36:15+00:00\",\"author\":{\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/#\/schema\/person\/5b77a07b7692a02ba65ff29d05c8f3b5\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#primaryimage\",\"url\":\"https:\/\/www.boasecohencollins.com\/wp-content\/uploads\/CyberLaw_PHOTO.jpg\",\"contentUrl\":\"https:\/\/www.boasecohencollins.com\/wp-content\/uploads\/CyberLaw_PHOTO.jpg\",\"width\":1202,\"height\":567},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"First cybersecurity law in pipeline\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/#website\",\"url\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/\",\"name\":\"\u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c\",\"description\":\"2018\u53ca2019\u5e74\u5ea6\u6700\u4f73\u8bc9\u8bbc\u53ca\u4e89\u8bae\u89e3\u51b3\u5f8b\u5e08\u884c\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/#\/schema\/person\/5b77a07b7692a02ba65ff29d05c8f3b5\",\"name\":\"Niall Donnelly\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.boasecohencollins.com\/zh-hans\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/54b15b260b9ed40d8e860705893b81f8cd72e1f211fea70f35ec1dcafc686171?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/54b15b260b9ed40d8e860705893b81f8cd72e1f211fea70f35ec1dcafc686171?s=96&d=mm&r=g\",\"caption\":\"Niall Donnelly\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"First cybersecurity law in pipeline - \u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/","og_locale":"zh_CN","og_type":"article","og_title":"First cybersecurity law in pipeline - \u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c","og_description":"By Claire Chow Hong Kong, 3 July 2024: Authorities are [&hellip;]","og_url":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/","og_site_name":"\u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c","article_published_time":"2024-07-03T10:36:13+00:00","article_modified_time":"2024-07-03T10:36:15+00:00","og_image":[{"width":1202,"height":567,"url":"https:\/\/www.boasecohencollins.com\/wp-content\/uploads\/CyberLaw_PHOTO.jpg","type":"image\/jpeg"}],"author":"Niall Donnelly","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"Niall Donnelly","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"4 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/","url":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/","name":"First cybersecurity law in pipeline - \u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c","isPartOf":{"@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#primaryimage"},"image":{"@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#primaryimage"},"thumbnailUrl":"https:\/\/www.boasecohencollins.com\/wp-content\/uploads\/CyberLaw_PHOTO.jpg","datePublished":"2024-07-03T10:36:13+00:00","dateModified":"2024-07-03T10:36:15+00:00","author":{"@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/#\/schema\/person\/5b77a07b7692a02ba65ff29d05c8f3b5"},"breadcrumb":{"@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/"]}]},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#primaryimage","url":"https:\/\/www.boasecohencollins.com\/wp-content\/uploads\/CyberLaw_PHOTO.jpg","contentUrl":"https:\/\/www.boasecohencollins.com\/wp-content\/uploads\/CyberLaw_PHOTO.jpg","width":1202,"height":567},{"@type":"BreadcrumbList","@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/%e7%bd%91%e8%aa%8c\/first-cybersecurity-law-in-pipeline\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.boasecohencollins.com\/zh-hans\/"},{"@type":"ListItem","position":2,"name":"First cybersecurity law in pipeline"}]},{"@type":"WebSite","@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/#website","url":"https:\/\/www.boasecohencollins.com\/zh-hans\/","name":"\u5e03\u9ad8\u6c5f\u5f8b\u5e08\u884c","description":"2018\u53ca2019\u5e74\u5ea6\u6700\u4f73\u8bc9\u8bbc\u53ca\u4e89\u8bae\u89e3\u51b3\u5f8b\u5e08\u884c","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.boasecohencollins.com\/zh-hans\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/#\/schema\/person\/5b77a07b7692a02ba65ff29d05c8f3b5","name":"Niall Donnelly","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.boasecohencollins.com\/zh-hans\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/54b15b260b9ed40d8e860705893b81f8cd72e1f211fea70f35ec1dcafc686171?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/54b15b260b9ed40d8e860705893b81f8cd72e1f211fea70f35ec1dcafc686171?s=96&d=mm&r=g","caption":"Niall Donnelly"}}]}},"_links":{"self":[{"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/posts\/5378","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/comments?post=5378"}],"version-history":[{"count":1,"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/posts\/5378\/revisions"}],"predecessor-version":[{"id":5380,"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/posts\/5378\/revisions\/5380"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/media\/5375"}],"wp:attachment":[{"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/media?parent=5378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/categories?post=5378"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.boasecohencollins.com\/zh-hans\/wp-json\/wp\/v2\/tags?post=5378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}