The Executive Council announced on Wednesday that the government has drafted a by-law on the composition and operation of the government’s Cybersecurity Commission and Cybersecurity Incidents Alert and Response Centre, which will both start operating on December 22, two days after the 20th anniversary of Macau’s return to the motherland.
According to the Cybersecurity Law, which was passed by the Legislative Assembly (AL) in June and takes effect on December 22, a commission overseeing cybersecurity issues, which will be headed by the chief executive, and a centre to respond to cybersecurity incidents, the operation of which will be coordinated by the Judiciary Police (PJ), are to be set up. The centre is officially known as Cybersecurity Incidents Alert and Response Centre.
Leong Heng Teng, spokesman for the government’s top advisory body, made the announcement during a press conference at Government Headquarters on Wednesday.
Government-drafted by-laws, officially known as administrative regulations, do not require the legislature’s approval.
According to the Cybersecurity Law, Macau’s cybersecurity system comprises three parts, namely:
1.) the Cybersecurity Commission,
2.) the Cybersecurity Incidents Alert and Response Centre, and
3.) various government entities supervising the various operators of the city’s “critical infrastructures” – officially known as Cybersecurity Supervisory Entities in the law.
‘Critical infrastructures’
According to the Cybersecurity Law, “critical infrastructures” refers to the assets, information networks and computer systems important to the normal functioning of civil society and whose disruption, destruction, data leakage, suspension of operation or significant decrease in operational performance is likely to cause serious harm to public wellbeing, public safety, public order, or other important matter of public interest.
According to the Cybersecurity Law, the Cybersecurity Commission will be tasked with formulating the principles, objectives and strategies concerning cybersecurity and overseeing the tasks to ensure that the city’s cybersecurity is carried out by all the other entities in the cybersecurity system.
According to the Cybersecurity Law, the duties of the Cybersecurity Incidents Alert and Response Centre will include: 1) gathering information concerning cybersecurity incidents, 2) formulating measures in response to cybersecurity incidents, 3) issuing alerts about cybersecurity incidents, and 4) monitoring, in real-time, the movement of computer data transmitted between the Internet and the information networks run by the various operators of the city’s “critical infrastructures”.
The Cybersecurity Law states that the composition and operation of the Cybersecurity Commission and the Cybersecurity Incidents Alert and Response Centre is to be regulated by a supplementary administrative regulation.
According to Leong, the Cybersecurity Incidents Alert and Response Centre, the operation of which will be coordinated by the Judiciary Police, will also include senior officials from the Public Administration and Civil Service Bureau (SAFP) and Post and Telecommunications Bureau (CTT) as its members.
According to Leong, the secretary for security will be the vice- president of the Cybersecurity Commission headed by the chief executive. Other members of the commission will include the other policy secretaries, the chief-of-cabinet of the Chief Executive Office (GCE), the director of the Personal Data Protection Office (GPDP), top officials from the Cybersecurity Incidents Alert and Response Centre, and the respective top officials of 11 government public entities supervising the various operators of the city’s “critical infrastructures”.
11 entities, 18 areas
According to Leong, the by-law announced on Wednesday also lists the 11 government public entities supervising the various operators of the city’s “critical infrastructures” in 18 areas. The 11 public entities are the Municipal Affairs Bureau (IAM), Economic Services Bureau (DSE), Gaming Inspection and Coordination Bureau (DICJ), Macau Monetary Authority (AMCM), Health Bureau (SSM), Marine and Water Bureau (DSAMA), Post and Telecommunications Bureau (CTT), Environmental Protection Bureau (DSPA), Macau Civil Aviation Authority (AACM), Transport Bureau (DSAT) and Energy Sector Development Office (GDSE), supervising the various operators such as tap water supply, banks, hospitals, electricity supply, natural gas supply, land public transport service, maritime passenger transport service, aviation passenger transport service, broadcasters and gaming operators, among others.
