Strengthening Taiwan’s cybersecurity capabilities

  • Date: 2017-04-28

I. Background

While information and communications technology has made life more convenient than ever, it has also given rise to new forms of online crime that threaten to undermine social stability. One example in Taiwan is the ATM heist in July of 2016 when a multinational criminal ring made off with millions in cash after implanting malware in the computer networks of First Commercial Bank. With public services everywhere reliant on information systems, the consequences of a data breach could range from mild inconveniences such as disruptions in banking or high-speed rail services, to major national security crises where government functions may be crippled or even disabled. Clearly, information security has become a matter of national security.

To strengthen Taiwan’s data security capabilities, the Executive Yuan upgraded its Office of Information and Communication Security on August 1, 2016, creating the Department of Cyber Security (DCS), a strategic center for national information security as well as a mechanism for managing cybersecurity throughout the government. Staffed by computer experts and professionals, the department is a permanent unit dedicated to setting up cybersecurity systems, promoting the enactment of a cybersecurity law, and establishing programs to reinforce Taiwan’s information and communications security protection mechanisms.

II. Integrate and improve information security capabilities

Viewing information security as a matter of national security, the Executive Yuan tasked the DCS with making Taiwan’s cyberspace more secure, convenient and efficient. The department also oversees and supports government agencies and certain private organizations in implementing various information security policies:

A. Strengthen information security measures in the public and private sectors

Establish a comprehensive legal framework to reinforce cybersecurity protection measures at government agencies and certain private-sector organizations. Continuously review and amend important regulations to reflect changes in cybersecurity organizations and mechanisms, enhance cooperation between public and private sectors, and cultivate information security professionals. Bolster protection measures for critical national information infrastructure (including physical or virtual assets, systems or networks) such as transportation facilities, energy grids, water supplies, telecommunications networks, banking and financial institutions, emergency response systems and hospitals.

B. Improve technical capabilities for information security

There are two levels to the government’s cybersecurity efforts: policy planning and coordination are handled by the DCS, while technical services are outsourced to the National Center for Cyber Security Technology. To reduce the security risks associated with outsourcing, the center is only responsible for providing support and must use specialists solely engaged in cybersecurity tasks.

Once a comprehensive legal foundation is in place, the DCS will work closely with experts and scholars to plan a suitable organizational framework and build a systematic, sustainable operating model for information security. To enable Taiwan to recruit, cultivate, retain and compete for talent, the DCS will also create flexible mechanisms for hiring professionals and forming appropriate cybersecurity organizations. All of these efforts will help raise Taiwan’s technical information security capabilities.

III. Enact cybersecurity law, promote cybersecurity development program

In addition to preparing a cybersecurity law that focuses on risk management, the government is promoting a national cybersecurity development program. These two initiatives will accelerate the creation of a strong national cybersecurity environment, enforce information security in public and private sectors, and spur related industries such as cybersecurity research and development, services and education.

A. Promote cybersecurity law

The government has drafted a cybersecurity management bill to serve as the legal basis for promoting the development of Taiwan’s digital security and cybersecurity industries. The bill was approved by the Executive Yuan on April 27, 2017 and has been submitted for legislative review. Once it clears the legislature, the act will require government agencies and certain nongovernment agencies (critical infrastructure providers and government-funded institutions that have been assigned cybersecurity responsibilities) to undergo administrative inspections and design security maintenance programs, reporting mechanisms and response procedures using risk-management principles. To assure nongovernment agencies that the government will not infringe on their rights, inspections will only be conducted in the event of a severe cybersecurity incident or the discovery of a major security flaw.

B. Plan the next phase of the national cybersecurity development program

The government is planning the fifth phase of the National Strategy for Cybersecurity Development Program (2017-2020), which aims to strengthen Taiwan’s cybersecurity capabilities and build an ecosystem for the digital economy. Envisioning an era of secure and reliable digital business operations, the program will build a strong legal framework for information security, establish a joint public-private defense system, develop an autonomous cybersecurity industry, cultivate skilled professionals, and create a safe online environment.

IV. Conclusion

Cybersecurity is an increasingly critical issue with significant impacts on both the individual and the nation, but it is also the key to building a digital nation and an innovation-driven economy. By establishing a department dedicated to information security, integrating existing resources and manpower, and promoting cybersecurity legislation, the government will be able to strengthen cybersecurity measures in Taiwan and protect critical information infrastructure while creating an innovative ecosystem for the digital economy era. All of these efforts will help develop the next generation of industries and raise Taiwan’s standing in global cybersecurity efforts.