Hong Kong Business News

The latest version of the Government’s IT Security Guidelines aims to strengthen the security barrier of its internal information network system and does not involve a “blanket ban” on the use of relevant communication tools, the Digital Policy Office has said.

The office made a statement in response to media enquiries concerning the use of personal webmail, public cloud storage and the web versions of instant messaging services.

In its updated guidelines, issued in April, the office reminded all bureaus and departments that use of such utilities and services on desktop computers connected to the government internal network by their staff will, in the face of increasingly severe cyber threats, bring potential information security risks, and that these must be well managed.

Accordingly, the office formulated security guidelines for the use of desktop computers connected to the Government’s internal network systems, whereby staff have to obtain the approval of departmental management before using personal webmail, public cloud storage and instant messaging services on desktop computers connected to internal networks.

Based on operational needs, bureaus and departments were given the chance – during a six-month adaptation period following the promulgation of the guidelines – to implement contingencies such as providing staff with mobile devices or designated computers that are isolated from internal systems, so that they might continue using personal webmail, public cloud storage and instant messaging services, or dedicated application systems developed by the bureaus or departments concerned.

The statement by the office said the guidelines aimed to strengthen the security of the Government’s internal information network system, and stressed that they do not restrict or affect the use of services such as WhatsApp, WeChat and other commonly used instant messaging apps by staff on mobile phones and devices, or on desktop computers that are independent of the Government’s internal network system.

Emphasising that there is no “blanket ban” on the use of relevant communication tools, the office said the requirements do not apply to computer systems or communication devices that are not connected to the Government’s internal network, such as on-campus systems in government schools.

Since the guidelines were promulgated in April, the office has arranged a number of sessions to brief bureaus and departments on the various requirements and technical solutions, and has provided technical advice to facilitate compliance and the formulation of implementation plans within the six-month period.

The office said it will continue to provide support to bureaus and departments, including through arranging more briefing sessions and sharing technology solutions, and will work with them to safeguard the Government’s information system and network security.