A contingency plan for the Hong Kong government’s computer systems is needed in the wake of the Microsoft worldwide shutdown last week, the head of the city’s new cybersecurity watchdog has said.
Tony Wong Chi-kwong, commissioner of the new Digital Policy Office, on Saturday added his team would remind bureaus and departments on a regular basis to boost their cybersecurity defences and that his team would act as a regulator to check for security loopholes.
“This [Microsoft] incident reflected that organisations and government departments must have backup systems, while they also cannot rely on a single system to provide services – this is our most fundamental consideration,” Wong said in a radio interview.
He added his office was planning cybersecurity drills for the government’s network for later this year.
Wong said the exercise would involve a “red team” simulating a string of attacks on a variety of government departments and a “blue team” would act as defender of the network.
A botched software update by US tech firm CrowdStrike resulted in Microsoft computer systems crashing around the world last week, grounding flights, taking TV broadcasts off-air and disrupting banks, hospitals and retailers.
The Digital Policy Office was established on Thursday through a merger of the Office of the Government Chief Information Officer and the Efficiency Office.
The government said the new set-up, announced in last year’s policy address, would accelerate the development of data governance and digital infrastructure.
Wong estimated that the city’s policy bureaus and departments involved at least 3,000 computer systems, with more than 200 updates every year and that they faced constantly evolving cyberattack threats.
A string of major public bodies and private organisations faced large-scale cyberattacks last year after hackers exposed personal information and demanded large sums of money.
The Fire Services Department in May reported a potential data leak that involved the personal information of more than 5,000 members of the public and staff when an outside contractor changed data access rights without authorisation.
The Consumer Council was hacked last September and the attackers demanded US$500,000 as a ransom payment after they broke into 93 systems and compromised 11 servers and workstations.
Hi-tech business park Cyberport was also the victim of attacks last August, with more than 400GB of sensitive staff information put up for sale on the dark web.
The digital policy team is made up of three branches, focused on digital government, data governance and digital infrastructure.
They will formulate policy, encourage departments to apply information technology and to introduce innovative public services.
The data governance branch will also promote the sharing of digitised information, as well as the use of data analytics and applications.
02:15
Airports across the world see operations disrupted as Microsoft systems outage hits globally
Airports across the world see operations disrupted as Microsoft systems outage hits globally
The new office will also enhance digital infrastructure and security, promote industry development and strengthen cooperation with mainland China, including the development of ways to improve cross-boundary information exchange and services.
Wong also revealed plans to install “mini-programs” in the government’s “iAM Smart” mobile app to enable the public to access different government services through one platform.
Wong said people sometimes had to go through multiple departments to register for a single licence.
“The organisation of our government is centred around different bureaus, but to citizens, they might want the service of one government as a whole,” Wong added.
Lawmaker Johnny Ng Kit-chong said it was important to regularly maintain the backup system, while the government and companies could consider using a brand different from its primary system to minimise the impact from cyber failure.
But he noted that using a different system could bring technical challenges and huge costs.
Fellow legislator Duncan Chiu urged the public and private sectors to formulate several contingency plans including a manual operation proposal and conduct drills to build their capacity to address technical breakdowns.
Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, said data centres should be set up in different districts to ensure uninterrupted public service during power outages in certain areas.
Sun Dong, the innovation, technology and industry secretary, said earlier that digitalisation was good for social and economic development,
He added that digital technology and data were also important in driving high-quality development and quality production.
