In the first meeting of the newly-established Cybersecurity Commission earlier this week, Chief Executive Ho lat Seng, who chairs the commission, underlined that the implementation of the new Cybersecurity Law “is not a mere formality”.
According to a statement by the Chief Executive Office (GCE) on Tuesday, the meeting was held at the Judiciary Police (PJ) headquarters in Zape on Monday.
The commission started operating on December 22, when the Cybersecurity Law came into force.
The Cybersecurity Law, which was passed by the Legislative Assembly (AL) in June last year, requires the setting-up of a commission overseeing cybersecurity issues, which is headed by the chief executive, and a centre to respond to cybersecurity incidents, the operation of which is coordinated by the Judiciary Police (PJ). The centre, officially known as Cybersecurity Incidents Alert and Response Centre, also started operating on December 22.
According to the Cybersecurity Law, Macau’s cybersecurity system comprises three parts, namely: 1) the Cybersecurity Commission, 2) the Cybersecurity Incidents
Alert and Response Centre, and 3) various government entities supervising the various operators of the city’s “critical infrastructures” – officially known as Cybersecurity Supervisory Entities in the law.
Secretary for Security Wong Sio Chak is the vice-president of the Cybersecurity Commission headed by Ho. Other members of the commission include the government’s other four policy secretaries, the chief-of-cabinet of the Chief Executive Office (GCE), the director of the Personal Data Protection Office (GPDP), top officials from the Cybersecurity Incidents Alert and Response Centre, and the respective top officials of 11 government entities supervising the various operators of the city’s “critical infrastructures”. PJ Director Sit Chong Meng is the secretary of the commission.
Local & national security
During Monday’s meeting. Ho noted that cybersecurity is closely related to local security and even national security, adding that the taking effect of the Cybersecurity Law means the commencement of the government’s responsibility for cybersecurity.
Ho said that the commission’s decision-making ability, supervisory capacity and coordination level determine whether the tasks carried out by the Cybersecurity Incidents Alert and Response Centre, the various operators of the city’s “critical infrastructures”, and the 11 government entities supervising them, will be effective, and also determine Macau’s performance in ensuring its cybersecurity and safeguarding national security.
According to the Cybersecurity Law, “critical infrastructures” refers to the assets, information networks and computer systems important to the normal functioning of civil society and whose disruption, destruction, data leakage, suspension of operation or significant decrease in operational performance is likely to cause serious harm to public wellbeing, public safety, public order, or other important matter of public interest.
The Cybersecurity Incidents Alert and Response Centre, covering an area of 300 square metres, is located at the PJ headquarters.
In his concluding remarks in the meeting, Ho underlined that the implementation of the Cybersecurity Law “is absolutely not a matter of superficial public relation campaigns, neither is a mere formality”. Ho urged the officials in the commission to ensure that the operators of the city’s “critical infrastructures” always pay close attention to and ensure Macau’s cybersecurity, according to Tuesday’s statement.
Ho urged the 11 government entities supervising the operators of the city’s “critical infrastructures” to finish drafting their respective cybersecurity management activity plans for this year in two months and to clarify their respective powers and duties in the city’s cybersecurity work.
According to the Macau Post Daily, Ho urged the centre to deliver a good performance in its dissemination of information concerning cybersecurity and its communication with the commission and the 11 government entities. Ho said that the centre and the 11 government entities will need to submit their respective reports on the progress of their work when the commission convenes the next meeting six months later.