A set of guidelines included in a new cybersecurity bill may impact the way casinos in Macau enforce safety measures around their digital assets.
The legislation, published on Monday in Macau’s Official Gazette, establishes that key public and private organizations – including the SAR’s six concessionaires – must employ specialized teams to enforce the government’s cybersecurity policies and liaise with the official institutions in charge of their observation.
According to the law, which comes into effect in 180 days’ time, operators will be required to establish and sustain cybersecurity management units capable of implementing internal protection measures. They will also need to designate a person and substitute in charge of cybersecurity in the company “among individuals with adequate professional qualifications and experience” and with residence in Macau, and make sure that he or she can be permanently reached by the Cybersecurity center, CARIC (Cybersecurity Incident and Alert Response Center).
Casino operators will also need to establish and adopt a cybersecurity management regime and internal operational procedures to “protect, monitor, alert and respond” to incidents. Part of their duties will be to monitor and record the network operating status and inform the public entities in charge of any incident, and immediately initiate countermeasures.
Operators will need to assess the risks to their networks and systems and submit an annual report including records of incidents and the results of risks assessments.
The public institutions in charge of enforcing the legislation will be headed by the Commission for Cybersecurity (CPC) and the CARIC.