Hong Kong government centralised cybersecurity needed as line of defence, IT experts say after fresh breaches of security revealed
Duncan Chiu Tat-kun, a lawmaker who represents the innovation and technology sector, said individual departments worked on their own IT projects and apps and lacked a unified system.
He said the present piecemeal structure had led to diluted resources across departments, which lacked the capacity to tackle cyberattacks on an individual basis.
“It is time that we should no longer adopt this method of ‘letting one hundred flowers bloom simultaneously’, and the government should do it uniformly,” Chiu, also the president of the Hong Kong Information Technology Joint Council, said.
He appealed to the government to consolidate the resources into four major data hubs including iAM Smart – the one-stop personalised digital services platform, one for health management, one for companies, and another for spatial data, information that relates to specific geographical locations.
“The unification will improve digital security as it will enable us to use more resources to adopt the most secure systems,” he said.
Francis Fong Po-kiu, the honorary president of the Hong Kong Information Technology Federation, agreed a lack of coordination among government departments led to the repeat of errors that caused cybersecurity breaches.
“Some mistakes, including some simple ones, were repeated among different departments,” he said.
Breach at Hong Kong’s Companies Registry leaves 110,000 people’s data exposed
Breach at Hong Kong’s Companies Registry leaves 110,000 people’s data exposed
Fong added that a new digital policy office to be set up by the government would be able to coordinate and monitor IT-related affairs across the administration.
He said it would also help reduce the risk of further data breaches, and asked the government to speed up the creation of the central resource.
Fong also asked the authorities to extend their centralised cybersecurity measures to protect statutory and public bodies.
The new office was announced by Chief Executive John Lee Ka-chiu in last year’s policy address, to be created through a merger of the Office of the Government Chief Information Officer and the Efficiency Office.
Paul Chan Mo-po, the financial secretary, earlier said the office was expected to be up and running by the middle of the year.
Hong Kong privacy watchdog to grill authorities over leak of 17,000 people’s data
Hong Kong privacy watchdog to grill authorities over leak of 17,000 people’s data
The experts spoke out after an investigation into Hong Kong’s Companies Registry revealed on Friday that the online portal had leaked personal details of 110,000 people, including names, passport and identity card numbers and home addresses.
The registry said telephone numbers and email addresses were also compromised and that it had started to contact victims to explain and apologise.
The announcement of the breach came after the Office of the Privacy Commissioner for Personal Data said it would investigate a cybersecurity failure at the government’s Electrical and Mechanical Services Department.
The personal information of 17,000 people collected during the Covid-19 pandemic, including names, telephone numbers, ID numbers and addresses, was leaked because of an error in the department’s password login system.
The privacy watchdog on Thursday also revealed that the Consumer Council had breached privacy rules when personal information about more than 470 people was stolen in a cybersecurity attack.