With a view to enhancing the security and reliability of Hong Kong's telecommunications networks, services and applications, all major local fixed and mobile operators in Hong Kong have pledged compliance with the measures and best practices set out in (i) "Security Guidelines for Next Generation Networks" (NGN Guidelines) and (ii) "Code of Practice on the Operation and Management of Internet of Things Devices" (CoP for IoT devices) as appropriate.
Highlights of some key measures and best practices under the NGN Guidelines and CoP for IoT devices are as follows –
| NGN Guidelines |
|---|
| – Implement security policies and measures for network, and develop a set of procedures on incident response and remedy |
| – Ensure that all factory default parameters of network equipment or software are properly configured |
| – Maintain up-to-date security patches and firmware of the network components |
| – Design and build the network which prevent single point of failure as far as possible |
| – Inform and advise customers of the risks associated with their subscribed services |
| CoP for IoT devices |
|---|
| – Deploy IoT devices implemented with appropriate security policies and resilient measures |
| – Sensitive data should be stored securely in the IoT devices to prevent unauthorized access and modification |
| – Users should be provided with adequate guidance and assistance on installation, configuration and use of IoT devices |
| – Implement feasible measures to eliminate potential vulnerabilities of IoT devices |
| – Maintain proper documentation on security risk assessment for IoT devices |
Moreover, in order to have a better monitoring of their progress of compliance, these operators have also conducted an annual compliance check and submitted to the Office of the Communications Authority a checklist about their compliance with the relevant measures/best practices.
Summaries of the latest compliance status by the relevant operators can be found at the following links –
(i) NGN Guidelines: here; and
(ii) CoP for IoT devices: here.