LCQ6: Building strong digital security barrier
**********************************************
Following is a question by the Hon Duncan Chiu and a reply by the Secretary for Innovation, Technology and Industry, Professor Sun Dong, in the Legislative Council today (July 5):
Question:
In February this year, the State Council published the "Plan for the Overall Layout of Building a Digital China" (the Plan), proposing to build a firm, credible and controllable digital security barrier. In this connection, will the Government inform this Council:
(1) on the premise of integrating into the overall development of the country, pressing ahead with the development of a digital economy and promoting the high-quality development of the economy of the country and Hong Kong, whether the authorities will conduct an in-depth study on the Plan, and explore the opportunities and impact that it will bring to Hong Kong and how Hong Kong should complement the Plan for better implementation of it (including whether it will interface with the Plan in the future), so as to manifest the spirit of "one country, two systems";
(2) whether it has comprehensively assessed the digital security risks at Hong Kong's and even the country's level; if so, of the specific risk assessment mechanism (including the areas involved, and whether risk levels have been set and the criteria based on which such levels are set), as well as the outcome of the assessment; and
(3) how it will reinforce the digital security barrier in Hong Kong, including whether it will conduct top-level planning under the leadership of the Secretaries of Departments and even the Chief Executive, introduce relevant plans by making reference to the Mainland's practice, and consider enacting relevant laws and regulations as well as formulating guidelines, etc., so as to safeguard national security; if it will consider enacting legislation, of the specific direction and implementation timetable?
Reply:
President,
The National 14th Five-Year Plan maps out the vision of developing a digital economy and indicates clear support for Hong Kong to develop into an international innovation and technology (I&T) hub. To dovetail with the country's overall development plan, the Hong Kong Innovation and Technology Development Blueprint (the Blueprint) promulgated last year highlights "to promote digital economy development and develop Hong Kong into a smart city" as one of the four major development directions, under which we adopt a data-driven approach to drive the development of I&T and smart city.
Having consulted the Security Bureau (SB), my reply to the questions raised by the Hon Chiu is as follows:
(1) The "Plan for the Overall Layout of Building a Digital China" (Plan for Digital China) published by the State Council earlier this year proposes to establish "two bases", namely digital infrastructure facilities and data resource systems, in order to forge ahead the in-depth integration between digital technology and socio-economic development. It also seeks to strengthen the digital technology innovation system and digital security barrier as "two capabilities", and enhance the "two environments" locally and internationally for digital development.
The Plan for Digital China serves as an important reference for our work and planning in driving development of a digital economy. In fact, the development directions and recommendations put forward in the Blueprint also echo that of the Plan for Digital China.
On digital infrastructure facilities, we have launched the Public Sector Information Portal (data.gov.hk), "iAM Smart", the Common Spatial Data Infrastructure portal, the Next Generation Government Cloud Infrastructure, the Big Data Analytics Platform and the Shared Blockchain Platform. We are also developing the Consented Data Exchange Gateway which would be conducive to promoting interchange of government data. The study on the development of artificial intelligence supercomputing centre has also commenced.
On smoothing out data resources and deepening provision of e-government services, we have put in place the open data policy and set targets to turn all government services online in 2024 and achieve the goal of "single portal for online government services" in 2025.
On the other hand, the Innovation, Technology and Industry Bureau and the Cyberspace Administration of China have recently entered into a Memorandum of Understanding that seeks to agree on the applicable rules and administrative measures under the national management framework on safeguarding the security of cross-boundary data, with a view to fostering the safe and orderly data flow from the Mainland within the Guangdong-Hong Kong-Macau Greater Bay Area.
The Plan for Digital China covers a myriad of inter-related initiatives. We will continuously examine and enhance our current work in relation to data governance. The Digital Economy Development Committee established last year is studying in detail into four major topics on digital infrastructure, digital transformation, cross-boundary data flow and talent development. It is expected to come up with some recommendations this year and provide new impetus to the digital economy development in Hong Kong.
(2) With regards to management of data security risk, the Government has devised a multi-layered mechanism focusing on areas such as the governance, classification, grading, protection, audit, risk assessment, monitoring and contingency of data. For instance, the SB has formulated the Security Regulations which include dedicated chapters governing information security for ensuring the security of government internal information and information systems. In accordance with the framework laid down by the Security Regulations, the Office of the Government Chief Information Officer has stipulated a set of Government IT Security Policy and Guidelines, which require individual bureaux and departments to regularly conduct risk assessment and audit regarding their information systems and data security, and take measures promptly to ensure the security of the government systems and data.
To address possible security risks associated with critical infrastructures in different sectors, the Critical Infrastructure Security Coordination Centre (CISCC) and the Cyber Security Centre (CSC) of the Police Force operate round the clock. The CISCC seeks to strengthen self-protection and restoration capabilities of the critical infrastructures through public-private sector cooperation, risk management, on-site security inspections, etc. Meanwhile, the CSC conducts timely cyber threat audits and analyses to prevent and detect cyber attacks against the critical infrastructures.
(3) Protecting and strengthening the digital security barrier is a continuous effort. The increase in cyber attacks in recent years has brought substantial challenges to the cyber security of critical infrastructures around the world. At present, Hong Kong does not have specific legal requirements on the cyber security of critical infrastructures. As mentioned in the Chief Executive's 2022 Policy Address, the Government is currently making preparatory work with a view to defining clearly, through legislation, the obligations of operators of critical infrastructures in respect of cyber security, thereby strengthening the cyber security of critical infrastructures in Hong Kong. The Government is working on the draft legislative framework and soliciting initial views from the industries. A public consultation exercise on the preliminary legislative proposals will follow.
The Government will continue to closely monitor and draw reference from the latest development of data protection and cyber security in the Mainland and elsewhere in the world. It will take necessary means to protect digital security and enhance our capability in tackling cyber risks.
Ends/Wednesday, July 5, 2023
Issued at HKT 16:02
NNNN