Protection of Critical Infrastructures: Preventing Cyber Incidents from Supply Chain Attacks

As we enter the hyperconnected era, enterprises face increasingly complex cybersecurity threats and supply chain risks. This will be especially true when the Protection of Critical Infrastructure (Computer Systems) Ordinance comes into effect in 2026, making compliance with the regulatory framework a top priority for many enterprises. HKT is committed to helping customers build resilient IT strategies. Leveraging advanced technologies and professional services, HKT empowers enterprises to tackle fast-evolving cyber threats with confidence.

Third-party suppliers to eight key sectors must comply with the regulations

As enterprises’ IT systems and operations become more reliant on the Internet and diversified cloud platforms, they are forming highly interconnected digital ecosystems. Within such environments, supply chain attacks are emerging as a growing source of vulnerability. According to a 2025 cybersecurity survey#, more than 60% of cyber threats were related to software supply chain attacks, making them the most common attack vector and a risk that cannot be ignored.

 

Under the Protection of Critical Infrastructure (Computer Systems) Ordinance, which will take effect in 2026, operators of critical infrastructure in eight key sectors – including energy, land, sea and air transport, and healthcare – must ensure the secure and stable operation of their systems. However, the scope of regulation goes beyond these eight sectors. Their third-party suppliers are also required to comply with the Ordinance. As a result, enterprises must thoroughly review their existing supply chain operations and guard against the “domino effect” of cascading risks. 

 

To address these challenges, HKT provides end-to-end supply chain threat management services spanning four key areas: Assess, Proof of Concept (POC), Implement and Operate. This holistic approach helps enterprises build resilient and visionary cyber security strategies. 

Building future-ready cyber security assurance

• Assess - HKT offers comprehensive infrastructure security assessment services covering servers, network equipment, endpoints and applications. The assessment analyses the risks associated with each asset and their potential impact on critical business operations. Based on the assessment results, HKT’s experts provide tailored recommendations according to different risk levels. For example, if equipment supporting critical operations is exposed to high supply chain risk, HKT may recommend a “risk avoidance” strategy by proactively migrating to alternative technologies and undertaking “re-architect” or “re-platform” of the environment.

 

• Proof of Concept (POC) - To ensure the feasibility and compatibility of proposed technical solutions, HKT has established an enterprise-grade testing laboratory, “HKT Tech Studio”, dedicated to POC and pilot testing. From endpoints and core infrastructure to systems and applications, the team helps enterprises evaluate compatibility and performance in advance. This reduces the risks associated with system replacement or upgrades and ensures that different technologies can be seamlessly integrated.

 

• Implement - During the implementation phase, enterprises often face resource constraints and cybersecurity talent shortages. HKT’s cybersecurity team holds more than 150 industry-recognised professional qualifications, including CISSP, GCIH, GIAC, CISA, CISM and OSCP, and is certified by multiple technology vendors. Drawing on this expertise, HKT delivers a wide range of cybersecurity solutions and technical support, enabling enterprises to complete deployment efficiently.

 

• Operate - After implementation, ongoing stable operation is critical to sustaining cybersecurity outcomes. HKT’s managed threat management services integrate agentic AI technologies and are underpinned by an AI-powered  Next-Generation Security Operations Center (NGSOC). This enables the automation of up to 95% of repetitive and manual tasks, significantly shortening mean time to contain (MTTC) incidents and reducing the cost of non-compliance and security events. At the same time, HKT’s experienced professionals define standard operating procedures, provide 24x7 monitoring, rapidly identify incidents and contain threats. In doing so, they help enterprises build a resilient cyber defence framework and minimise potential risks.

 

In an era of accelerated digital transformation and hyperconnected cyber threats, maintaining continuity of critical business operations while ensuring information security is no easy task. With leading-edge technologies, deep professional expertise and a holistic risk management approach, HKT supports enterprises in building robust cyber defences, achieving continuous innovation and stable growth, and becoming their most trusted cybersecurity partner.

 

#Survey conducted in 2025 by Fortinet, a global cybersecurity solutions provider.

 

Source: Wepro180  - Translated from the original Chinese version