Collaboration with Stakeholders

International Standards

We strongly support and encourage the adoption of international information security standards and the acquisition of corresponding certifications in the industry. When developing the Government's security policy and guidelines, we made heavy reference to the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standards on information security management systems (ISO/IEC 27001) and information security controls (ISO/IEC 27002). We also promote the adoption of international standards and best practices among business sectors through active collaboration with different stakeholders from the industry, academia and professional bodies.

In April 2014, we hosted the ISO/IEC Joint Technical Committee 1/Sub-Committee 27 (SC 27) meeting in Hong Kong with a view to promoting wider adoption of international standards and best practices in the local IT industry. The meeting was attended by over 300 overseas and local security experts and professionals from more than 30 economies. Moreover, the International Conference on Information Security Standards organised during the meeting period attracted some 400 participants including over 200 local attendees. The events have successfully raised security awareness and promoted wider adoption of international standards in information security in Hong Kong.

Local and International Collaboration

Computer Emergency Response

The GovCERT.HK maintains close liaison with other regional computer emergency response teams (CERTs) through joining the CERT Coordination Centre (CERT/CC), the Forum of Incident Response and Security Teams (FIRST), and the Asia Pacific Computer Emergency Response Team (APCERT) to facilitate timely sharing of information on security threats, vulnerabilities and security incidents. We also actively participate in technological exchange activities held by the organisations, including the APCERT Drill on a regular basis.

Cyber Security Drill

The APCERT Drill is an annual event to test the response capability of leading Computer Security Incident Response Teams (CSIRT) from the Asia Pacific economies. The participating teams would activate and test their incident handling arrangements during the drill. As an Operational Member of APCERT, GovCERT.HK has participated in the APCERT Drill since 2016 to enhance interaction and communication protocols with local and international CSIRTs.

APCERT Drill Media Release:
https://www.apcert.org/documents/pdf/APCERTDrill2023PressRelease.pdf

Capability Development and Workshops

To foster the Government’s collaboration with international security experts for strengthening the knowledge of emerging cyber threats, vulnerabilities and appropriate mitigation solutions, GovCERT.HK strives to learn from the CERT community and participate in the various international conferences organised by the CERT community and training sessions organised by APCERT.

Partnership Programme for Cyber Security Information Sharing – “Cybersec Infohub”

The “Cybersec Infohub” is a partnership programme to promote closer collaboration among local information security stakeholders of different sectors to share cyber security information and jointly defend against cyber attacks.  We provide a cross-sector cyber security information sharing and collaborative platform codenamed “Cybersechub.hk” and organise industry events to facilitate effective exchange of cyber security threat information, mitigation strategies, best practices and knowledge. To know more about the Programme, please visit “Cybersechub.hk”.

Programmes and Activities

The OGCIO promotes the development of cyber security industry and fosters exchanges and experience sharing among information and communications technology enterprises and experts.

We are working closely with our partners such as Hong Kong Police Force (HKPF) and Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) to organise security awareness programmes and activities such as the Build a Secure Cyberspace campaign (www.cybersecurity.hk/en/build-a-secure-cyberspace.php), the Cyber Security Professionals Awards and the Fight Ransomware Campaign (www.hkcert.org/publications/fight-ransomware).

Since 2016, the OGCIO and the Bureau of Cyber Security of Cyberspace Administration of China (CAC) jointly organise the Hong Kong-Mainland Cyber Security Forum to promote closer collaboration of the IT security industry of the two places.

• The HK-Mainland Cyber Security Forum 2016 was held in Hong Kong on 12 April 2016 with the theme “Cyber Security Landscape”. Information security and challenges of cloud computing and big data analytics as well as security risks and measures associated with FinTech were explored.
• The Second HK-Mainland Cyber Security Forum was held in Xiamen on 15 October 2017 with the theme “Facilitating Data Flow Securely and Orderly, Promoting Economic and Social Development in Both Places”.
• The Third HK-Mainland Cyber Security Forum was held in Hong Kong on 11 April 2018 with the theme “Challenges and Opportunities of Secure, Smart Connectivity”. Cyber security experts shared their insights on the challenges to be posed by smart connectivity, including strategies and measures to safeguard infrastructure and big data security.

More information about the Hong Kong-Mainland Cyber Security Forum is available at:
www.cybersecurity.hk/en/csf.php

Internet Infrastructure Liaison Group

The Internet is the core of the information infrastructure that is critical to communications, conduct of e-business and access to e-services. The Internet Infrastructure Liaison Group (IILG) was established by the OGCIO in March 2005 in order to maintain close liaison with Internet infrastructure stakeholders and strive in collaboration with the stakeholders for the healthy operation of the Internet infrastructure of Hong Kong.

Under the IILG mechanism, stakeholders (including IILG Members and major Internet service providers) would collaborate to:

• share first-hand information;
• facilitate the formulation of rapid and coordinated response; align actions and media response if appropriate; and
• plan on contingency measures

The Terms of Reference of IILG are:

• To provide a forum of exchange on issues concerning the smooth operation including stability, security, availability and resilience of the Internet Infrastructure of Hong Kong;
• To facilitate the stakeholders to formulate rapid and coordinated response in case of major incident outbreaks that will affect the smooth operation of the Internet infrastructure of Hong Kong; and
• To promote IT management best practices, experience and knowledge sharing and mutual assistance among members of the Liaison Group on protection of the Internet infrastructure of Hong Kong.

The IILG is chaired by the Deputy Government Chief Information Officer. Members of the IILG include:

• Office of the Government Chief Information Officer (OGCIO)
• Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
• Hong Kong Internet Exchange (HKIX)
• Hong Kong Internet Registration Corporation Limited (HKIRC)
• Hong Kong Internet Service Providers Association (HKISPA)
• Hong Kong Police Force (HKPF)
• Office of the Communications Authority (OFCA)

The IILG mechanism would be activated in support of major events or in response to incident outbreak or natural disasters that would affect the smooth operation of the Internet infrastructure of Hong Kong. Round-table meetings were held when necessary to discuss and share effective measures to mitigate the risks.