Cybersecurity a key pillar in Hong Kong’s smart city development

Local cybersecurity professionals in the public and private sector were urged to keep pace with the constantly evolving threat landscape to protect the city against all types of cyber risks.

“Cyberattacks are getting more and more sophisticated, and it is crucial that our defenses to such attacks be fast, flexible and evolving,” said Victor Lam, deputy government CIO, at the recently concluded Total Security Conference held in Hong Kong.


“Hong Kong embraces a relatively safe cyberspace. We are neither on the list of the top 10 source economies nor target economies for web application attacks. However, we must stay vigilant to emerging threats such as ransomware and data breaches because the cybersecurity situation worldwide is getting tougher and tougher, and Hong Kong is no exception as we are an international and open city,” he said.

Apart from the traditional approach, Lam encouraged cybersecurity professionals in the city to use new concepts to prepare their organization for imminent attacks.

“For instance, big data analytics provide an opportunity to enhance the effectiveness in gathering and analyzing cyber threat information,” he said, adding that the government has set up a sharing platform which collects and analyzes threat data, detects potential incidents, and provides more targeted alerts and information to all government departments.

Key pillar of HK’s smart city development

Lam pointed out that as Hong Kong forges ahead with its plan to build a smart city, the safety of cyberspace needs to be enhanced.

“Cybersecurity is a necessary pillar of smart city development,” Lam said. “Via the [smart city] blueprint, we will recommend smart city strategies and potential initiatives to address major urban challenges faced by Hong Kong and enhance the quality of city management services.”

He added: “We will not underestimate the cyber risks involved. There will be commensurate technologies and mechanisms to ensure information security and privacy protection.”

He noted that concerted efforts of all stakeholders are also required to fortify cybersecurity. “In particular, the sharing of cyber threat information with local and overseas parties as well as the adoption of emerging security technologies are paramount in identifying the threats timely to prevent counter cyberattacks.”

IoT security: OT systems are vulnerable

With the use of sensors and IoT devices expected to grow with Hong Kong’s smart city development, participants at the conference stressed the importance of looking deeper into the security of the sensors that are now residing inside industrial systems or what is commonly known as OT (operational technology) systems.

OT is a category of hardware and software that monitors and controls how physical devices perform. It is used primarily in industrial control systems for manufacturing, transportation and utilities. Unlike IT, the technology that controlled operations in those industries was not networked. Many of the tools for monitoring or making adjustments to physical devices were mechanical and those that did have digital controls used closed, proprietary protocols. And typically, most companies in these industries keep their OT systems and IT systems separately.