Hong Kong Cybersecurity Attack and Defence Drill 2024 launched today (with photos)

     The Government launched Hong Kong's first Cybersecurity Attack and Defence Drill today (November 15). The drill, which will span three days for a total of 60 hours, is spearheaded by the Digital Policy Office (DPO) in collaboration with the Cyber Security and Technology Crime Bureau of the Hong Kong Police Force, the Hong Kong Internet Registration Corporation Limited, and the Hong Kong Institute of Information Technology (HKIIT). Various government departments and public organisations have been invited to participate in the exercise, which aims to enhance their technical skills, experience, and overall defensive capabilities against cyberattacks.

     During the drill, cybersecurity professionals acting as attackers (the Red Teams) perform simulated cyberattacks in a strictly controlled environment on participating organisations' designated information systems, which are already in operation to identify potential security risks and vulnerabilities. The defenders (the Blue Teams) deploy their technical skills and strategies to fend off these attacks, thereby strengthening their incident response capabilities and enhancing their experience.

     At the opening ceremony, the Secretary for Innovation, Technology and Industry, Professor Sun Dong, explained that the ultimate concept of the drill is "knowing your opponent and yourself well". He noted that the first Hong Kong Cybersecurity Attack and Defence Drill spearheaded by the DPO examines the defence capabilities of government departments and public organisations through practical combat scenarios on Internet-facing information systems, while carrying out in-depth security assessments and vulnerability detection activities of the relevant systems at the same time.

     Twelve Blue Teams from nine government departments and three public organisations are participating with their designated information systems in the drill. The five Red Teams, meanwhile, comprise members from the Hong Kong Applied Science and Technology Research Institute, the Hong Kong College of Technology, the HKIIT, and two winning teams from the Cyber Attack and Defence Elite Training cum Tournament held earlier. The DPO has also invited eight cybersecurity firms from the Mainland with extensive drill experience to provide technical support and advice to both the Red and Blue Teams. Representatives from more than 50 organisations are also attending as observers to learn more about the drill process, to serve as a reference for future drills.