Hong Kong government centralised cybersecurity needed as line of defence, IT experts say after fresh breaches of security revealed
- IT experts say centralised cybersecurity would help prevent errors that lead to breaches of personal information
- They appeal to government to prioritise the creation of a new digital policy office to better coordinate defences against data theft
Hong Kong should draw up policies to centralise cybersecurity protection for all government departments and associated organisations to prevent more security breaches, IT experts said on Saturday after a string of data breaches at major public bodies.
The IT specialists also appealed to the government to speed up the creation of a new digital policy office to consolidate information technology-related resources and coordinate efforts among departments.
Duncan Chiu Tat-kun, a lawmaker who represents the innovation and technology sector, said individual departments worked on their own IT projects and apps and lacked a unified system.
He said the present piecemeal structure had led to diluted resources across departments, which lacked the capacity to tackle cyberattacks on an individual basis.
“It is time that we should no longer adopt this method of ‘letting one hundred flowers bloom simultaneously’, and the government should do it uniformly,” Chiu, also the president of the Hong Kong Information Technology Joint Council, said.
He appealed to the government to consolidate the resources into four major data hubs including iAM Smart – the one-stop personalised digital services platform, one for health management, one for companies, and another for spatial data, information that relates to specific geographical locations.
“The unification will improve digital security as it will enable us to use more resources to adopt the most secure systems,” he said.
Francis Fong Po-kiu, the honorary president of the Hong Kong Information Technology Federation, agreed a lack of coordination among government departments led to the repeat of errors that caused cybersecurity breaches.
“Some mistakes, including some simple ones, were repeated among different departments,” he said.
Fong added that a new digital policy office to be set up by the government would be able to coordinate and monitor IT-related affairs across the administration.
He said it would also help reduce the risk of further data breaches, and asked the government to speed up the creation of the central resource.
Fong also asked the authorities to extend their centralised cybersecurity measures to protect statutory and public bodies.
The new office was announced by Chief Executive John Lee Ka-chiu in last year’s policy address, to be created through a merger of the Office of the Government Chief Information Officer and the Efficiency Office.
Paul Chan Mo-po, the financial secretary, earlier said the office was expected to be up and running by the middle of the year.
The experts spoke out after an investigation into Hong Kong’s Companies Registry revealed on Friday that the online portal had leaked personal details of 110,000 people, including names, passport and identity card numbers and home addresses.
The registry said telephone numbers and email addresses were also compromised and that it had started to contact victims to explain and apologise.
The announcement of the breach came after the Office of the Privacy Commissioner for Personal Data said it would investigate a cybersecurity failure at the government’s Electrical and Mechanical Services Department.
The privacy watchdog on Thursday also revealed that the Consumer Council had breached privacy rules when personal information about more than 470 people was stolen in a cybersecurity attack.
