Previous Main News
Next Main News Pause / Play slideshow

Press and Announcements

Previous slide of Whats New
Next slide of Whats New Pause / Play slideshow
Background

Protection of critical infrastructures

Nowadays, the operation of critical infrastructures ("CIs") has become more dependent on the Internet, computer systems, telecommunications infrastructures and smart devices, etc., and the computer systems of CIs are also increasingly vulnerable to attacks. If the operation of CIs is disrupted due to attacks on their computer systems, there may even be rippling effects, seriously jeopardising public interests, including the economy, people's livelihood and public safety.

The Protection of Critical Infrastructures (Computer Systems) Ordinance ("the Ordinance") draws reference from relevant legislation of other jurisdictions and international standards, with adjustments made in the context of Hong Kong.

Legislative intentThe intent is to set out, through legislation the important basic requirements for safeguarding the computer system security of CIs for maintaining the normal functioning of society, to minimise the chance of essential services being disrupted or compromised due to cyberattacks, thereby enhancing the overall computer system security in Hong Kong.

Our missionThe Office of the Commissioner of Critical Infrastructure (Computer-system Security) is committed to safeguarding the computer-system security of CIs.

Obligations of operatorsThe Ordinance establishes three categories of statutory obligations to ensure that CI operators can effectively protect the security of critical computer systems, and promptly respond to and recover the affected systems in the event of an attack.

Offences and penaltiesUnder the Ordinance, penalties will be imposed only at the organizational level and are not intended to target at operators' staff at individual level.