Mr Franz Grüter (National Councillor of Swiss Parliament and President of Alliance Digital Security Switzerland (ADSS)), Mr Daniel Freihofer (Consul General of Switzerland in Hong Kong), Mr Andreas Kaelin (Co-Founder of ADSS, Member of the Board and CEO of National Test Institute for Cybersecurity), distinguished guests, ladies and gentlemen,

It is my great pleasure to welcome you all to Hong Kong and to this seminar, where we gather to explore the critical intersection of technology, innovation, and cybersecurity. Today, I am honored to share an overview of the Hong Kong Special Administrative Region’s (HKSAR) cybersecurity policies and initiatives, as we strive to build a secure, resilient, and innovative digital future.

Let me begin with a brief introduction to the Digital Policy Office (DPO). DPO operates under the Innovation, Technology and Industry Bureau (ITIB). It is led by the Commissioner for Digital Policy and tasked with formulating policies and measures related to digital government, data governance, and information technology, while overseeing the implementation of digital policies across government bureaux and departments (B/Ds).

Our mission is clear: to champion data-driven, people-centric, and outcome-focused policies that drive the development of a digital government. We are committed to enhancing government efficiency and service quality, delivering impactful, convenient, and meaningful benefits to citizens and businesses alike, thereby stimulating economic growth and fostering a more inclusive and sustainable society. Above all, we strive to foster the sustainable growth of our digital government, economy, and society, ensuring Hong Kong thrives as a global leader in innovation and technology.

As a cornerstone of Hong Kong’s ambition to become a global innovation hub, the DPO is spearheading initiatives to accelerate artificial intelligence (AI) development. We are harnessing secure, high-quality data resources to drive AI innovation, complemented by the Cyberport Artificial Intelligence Supercomputing Centre (AISC), which will progressively deliver 3,000 petaflops of computing power to meet the needs of local universities, R&D institutes, and enterprises. To catalyse AI development, the HKSAR Government has committed $3 billion to a three-year AI Subsidy Scheme, designed to empower local institutions, research centers, government departments, and businesses. This initiative leverages the AISC’s computational capabilities to achieve groundbreaking scientific advancements, accelerating the growth of AI-driven industries.

The DPO has commissioned the Hong Kong Generative AI Research and Development Center (HKGAI), to assist in research and formulation of the “Hong Kong Generative Artificial Intelligence Technical and Application Guideline”, so as to provide relevant codes and practices on the technology and the use of generative artificial intelligence (AI) technologies for reference by various sectors. Across government B/Ds, we are adopting AI to enhance digital government services, delivering smarter, citizen-centric solutions that drive efficiency and innovation.

As we leverage the transformative power of AI to drive innovation, we recognise that a secure digital foundation is essential to sustain this progress. A secure and robust cybersecurity environment is paramount to fostering the growth of the digital economy and advancing our vision of a smart city. To achieve this mission, the DPO, in collaboration with key industry partners, has adopted a multifaceted strategy. Through this approach, our work focuses on empowering the community, nurturing talent, fostering collaboration with stakeholders, and strengthening internal protections within the government with a view to comprehensively enhancing Hong Kong’s cybersecurity capabilities.

The HKSAR Government has instituted a thorough and resilient information security management framework to safeguard its digital infrastructure. To further bolster the cybersecurity of government information systems, a series of strategic enhancements have been implemented. These include reinforcing the self-monitoring responsibilities of government departments, requiring each to designate a senior directorate to lead the overall information security management of that department. The DPO will also actively intensify independent cyber security tests for large-scale and high-risk IT projects, conducting regular vulnerability inspections, penetration tests, surprise checks, in-depth compliance audits, and so on. Additionally, we are also enhancing the cybersecurity awareness and technical expertise of relevant personnel through targeted training programmes. These measures are designed to robustly protect information systems and data, laying a solid foundation for accelerating the development of a secure and efficient digital government.

To safeguard the Government’s information systems and data assets, we regularly align with the latest national and international standards, as well as industry best practices, to develop and update a suite of information technology security guidelines for B/Ds. DPO has released a newly revised IT Security Policy and Guidelines last year, which strengthens information security controls across various domains. The updated framework also introduces elevated security protection levels for government information systems, mandating departments to adopt a risk-based approach to assess system security levels of their information systems and implement corresponding security controls tailored to those classifications. These measures aim to more effectively protect government information systems and data. Furthermore, the DPO has published the Policy and Guidelines on its website, enabling both public and private organisations can make reference to them as and when required. Organisations can adopt the recommended principles and measures for managing security risks to better fit their specific needs, fostering a broader culture of cybersecurity resilience.

The HKSAR Government is deeply committed to enhancing the cybersecurity knowledge and skills of its workforce. To this end, we organised a range of initiatives, including Inter-departmental Cyber Security Drill, seminars, solution showcases, and, notably, Hong Kong’s first Cybersecurity Attack and Defence Drill in last November. This real-world simulation exercise invites participation from B/Ds and public bodies, replicating authentic cyberattack scenarios to rigorously test the response and resilience of the participating IT systems. The drills are designed to enhance the technical proficiency, practical experience, and overall defensive capabilities of B/Ds and public bodies, strengthening Hong Kong’s cybersecurity frontline through hands-on training and strategic fortification. Building on this success, we are actively preparing for another round of the Cybersecurity Attack and Defence Drill in 2025. These efforts underscore our dedication to fostering a highly skilled and resilient cybersecurity workforce prepared to safeguard Hong Kong’s digital landscape.

The DPO maintains close collaboration with industry partners to promote cybersecurity awareness within the community and implement a range of initiatives to support small and medium enterprises (SMEs). These efforts include disseminating cybersecurity tips and security advisories to the public, conducting security talks for schools and non-governmental organisations, organising diverse contests, seminars, and public education exhibitions. In partnership with the Hong Kong Internet Registration Corporation (HKIRC), the DPO supports the Cybersec One Programme, which offers SMEs free risk assessments, vulnerability identification, and staff training to strengthen their information security. Additionally, in collaboration with the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), the Cybersecurity Vendor Connect Programme will be launched to provide organisations with a list of suitable and cost-effective cybersecurity solutions to enhance their defenses.

The HKSAR Government has established the Government Computer Emergency Response Team Hong Kong (GovCERT.HK), which actively cultivates close partnerships with governmental and regional CERTs, as well as international organisations. This collaboration is dedicated to promoting the exchange of critical information and expertise, enabling us to proactively reduce vulnerabilities, mitigate risks, and swiftly respond to cyber threats and attacks. GovCERT.HK also actively participates in a range of activities organised by world-renowned bodies, including annual joint incident response drill and information security conferences.

To inspire young people to pursue careers in cybersecurity, the HKSAR Government is steadfast in its commitment to advancing Hong Kong’s cybersecurity industry and fostering talent development. We actively support a wide range of initiatives, including the Cyber Youth Programme, the Capture the Flag Challenge, and the Cyber Attack and Defence Elite Training cum Tournament, etc. These encompass diverse competitions, technical seminars, and professional training programmes designed to engage and upskill aspiring professionals. Concurrently, we encourage enterprises, organisations, and IT professionals to attain national and international cybersecurity certifications and qualifications. To build a robust talent pipeline, we also advocate for Hong Kong’s tertiary institutions to integrate more cybersecurity courses across various disciplines, nurturing a new generation of skilled individuals eager to contribute to the cybersecurity sector.

In closing, the HKSAR Government is unwavering in its commitment to building a secure, innovative, and inclusive digital future for Hong Kong. By strengthening cybersecurity governance, empowering our community, harnessing cutting-edge technologies, nurturing talent, and fostering global partnerships, we aim to solidify Hong Kong’s position in the global technology and cybersecurity landscape. We look forward to deepening our collaboration to address shared challenges, seize the opportunities of the digital age and build a more secure digital future. Together, let us forge a safer, smarter, and more resilient cyberspace for all. Thank you, and I wish you a productive and inspiring conference.

- ENDS -