Collaboration with Stakeholders
International Standards
We strongly support and encourage the adoption of international information security standards and the acquisition of corresponding certifications in the industry. When developing the Government's security policy and guidelines, we made heavy reference to the national and international information security management standards, including the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standards on information security management systems (ISO/IEC 27001) and information security controls (ISO/IEC 27002). We also promote the adoption of international standards and best practices among business sectors through active collaboration with different stakeholders from the industry, academia and professional bodies.
Local and International Collaboration
Computer Emergency Response
The GovCERT.HK maintains close liaison with other regional computer emergency response teams (CERTs) through joining the CERT Coordination Centre (CERT/CC), the Forum of Incident Response and Security Teams (FIRST), and the Asia Pacific Computer Emergency Response Team (APCERT) to facilitate timely sharing of information on security threats, vulnerabilities and security incidents. We also actively participate in technological exchange activities held by the organisations, including the APCERT Drill on a regular basis.
Cyber Security Drill
The APCERT Drill is an annual event to test the response capability of leading Computer Security Incident Response Teams (CSIRT) from the Asia Pacific economies. The participating teams would activate and test their incident handling arrangements during the drill. As an Operational Member of APCERT, GovCERT.HK has participated in the APCERT Drill since 2016 to enhance interaction and communication protocols with local and international CSIRTs.
APCERT Drill Media Release:
https://www.apcert.org/documents/pdf/APCERTDrill2023PressRelease.pdf
Capability Development and Workshops
To foster the Government’s collaboration with international security experts for strengthening the knowledge of emerging cyber threats, vulnerabilities and appropriate mitigation solutions, GovCERT.HK strives to learn from the CERT community and participate in the various international conferences organised by the CERT community and training sessions organised by APCERT.
Partnership Programme for Cyber Security Information Sharing – “Cybersec Infohub”
The “Cybersec Infohub” is a partnership programme to promote closer collaboration among local information security stakeholders of different sectors to share cyber security information and jointly defend against cyber attacks. We provide a cross-sector cyber security information sharing and collaborative platform codenamed “Cybersechub.hk” and organise industry events to facilitate effective exchange of cyber security threat information, mitigation strategies, best practices and knowledge. To know more about the Programme, please visit “Cybersechub.hk”.
Programmes and Activities
The DPO promotes the development of cyber security industry and fosters exchanges and experience sharing among information and communications technology enterprises and experts.
We are working closely with our partners such as Hong Kong Police Force (HKPF) and Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) to organise security awareness programmes and activities such as the Build a Secure Cyberspace campaign (www.cybersecurity.hk/en/build-a-secure-cyberspace.php), the Cyber Security Professionals Awards and the Fight Ransomware Campaign (www.hkcert.org/publications/fight-ransomware).
Internet Infrastructure Liaison Group
The Internet is the core of the information infrastructure that is critical to communications, conduct of e-business and access to e-services. The Internet Infrastructure Liaison Group (IILG) was established by the Digital Policy Office (or the then Office of the Government Chief Information Officer) in March 2005 in order to maintain close liaison with Internet infrastructure stakeholders and strive in collaboration with the stakeholders for the healthy operation of the Internet infrastructure of Hong Kong.
Under the IILG mechanism, stakeholders (including IILG Members and major Internet service providers) would collaborate to:
- share first-hand information;
- facilitate the formulation of rapid and coordinated response; align actions and media response if appropriate; and
- plan on contingency measures
The Terms of Reference of IILG are:
- To provide a forum of exchange on issues concerning the smooth operation including stability, security, availability and resilience of the Internet Infrastructure of Hong Kong;
- To facilitate the stakeholders to formulate rapid and coordinated response in case of major incident outbreaks that will affect the smooth operation of the Internet infrastructure of Hong Kong; and
- To promote IT management best practices, experience and knowledge sharing and mutual assistance among members of the Liaison Group on protection of the Internet infrastructure of Hong Kong.
The IILG is chaired by the Deputy Commissioner (Digital Infrastructure). Members of the IILG include:
- Digital Policy Office (DPO)
- Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
- Hong Kong Internet Exchange (HKIX)
- Hong Kong Internet Registration Corporation Limited (HKIRC)
- Hong Kong Internet Service Providers Association (HKISPA)
- Hong Kong Police Force (HKPF)
- Office of the Communications Authority (OFCA)
The IILG mechanism would be activated in support of major events or in response to incident outbreak or natural disasters that would affect the smooth operation of the Internet infrastructure of Hong Kong. Round-table meetings were held when necessary to discuss and share effective measures to mitigate the risks.