Terrorism fears spark blackout of key operators listed in Hong Kong cybersecurity bill

A list of companies to fall under a Hong Kong bill designed to boost cybersecurity among “critical infrastructure” operators will not be made public in a bid to shield them from becoming potential terrorist targets, the security minister has said.

Chris Tang Ping-keung told lawmakers on Tuesday that the government would not disclose the names of companies to be regulated under the Protection of Critical Infrastructure (Computer System) Bill.

He added that operators would also bear the responsibility for implementation of the bill’s requirements, even if they employed contractors to run the infrastructure.

“Referencing how other places have handled the matter, we will disclose the sectors, but not the names, of the companies as they might become terrorist targets,” Tang said.

The proposal requires infrastructure operators to formulate and carry out computer system security management plans, which must be submitted to a commissioner’s office to be created under the Security Bureau.

The bill defines such infrastructure as areas crucial to the regular functioning of society, broken down into eight categories – energy, information technology, banking, communications, maritime, healthcare services, as well as land and air transport.