In response to the increasing number of cyberattacks, Hong Kong has launched its first-ever 60-hour cybersecurity drill aimed at enhancing the city’s defense capabilities. The drill, organized by the Digital Policy Office and supported by key stakeholders such as the Hong Kong police force and the Hong Kong Internet Registration Corporation, marks a significant step in the government’s ongoing efforts to strengthen cybersecurity. The drill is designed to simulate real-world cyber threats and test the preparedness of government systems to handle these evolving dangers. Innovation minister Sun Dong emphasized that this initiative is part of a long-term strategy to ensure cybersecurity while promoting Hong Kong’s development as a smart city.
The exercise features two teams: a “red” team composed of professional hackers and students from local institutes, and a “blue” defense team made up of staff from government departments. The red team will simulate various cyberattacks, including phishing emails and impersonation attempts, to gain access to sensitive information, while the blue team will work to detect and respond to these threats in real-time. This setup allows the government to evaluate how well its systems can handle actual cyber threats, with defenders earning points for successful detection and counteraction, while the attackers score points for any successful breaches.
Throughout the 60-hour event, the red team will remain stationed at the Hong Kong Institute of Information and Technology (HKIIT), which provides a controlled environment for the drill. Hong Kong’s Commissioner for Digital Policy, Tony Wong Chi-kwong, noted that the simulation is designed to be as realistic as possible since, in real-world scenarios, cyberattacks have no time limits or predetermined schedules. The drill will also continue normal operations on government systems, allowing for the evaluation of the effectiveness of current cybersecurity measures without disrupting essential services.
The exercise is part of a broader response to the growing number of cyberattacks in Hong Kong, with 16,182 technology crime cases reported in the first half of 2024 alone. The Hong Kong government is also working on the Protection of Critical Infrastructure (Computer System) Bill, which aims to enforce stringent security standards for operators of essential infrastructure. This bill, currently under consultation, is expected to be enacted by early 2026. The results of the 60-hour drill will be shared in December at a cybersecurity forum, highlighting Hong Kong’s commitment to improving its cybersecurity posture in the face of increasing threats.
Reference:
