The “Department of Cybersecurity” (資通安全處) under the Executive Yuan—the executive branch of Taiwan’s central government—recently issued a notice for public comments on a draft of the Information Communication Security Management Act (資通安全管理法; hereafter “Act”). The Act includes 24 articles divided among three chapters fleshing out the Tsai Ing-wen administration’s legal framework for information communication security, the development of cyber defense technology, and international cooperation on cyber defense. After public comments, the bill will be submitted to the legislative body for reviews and could be passed as early as the end of 2016.
The Department of Cybersecurity was established on August 1 and in the span of one month held three public workshops with participation from members of Taiwan’s private sector and other government agencies to draft the bill. The Act notably lays out four priorities under the new government:
1) Training information communication professionals;
2) Promoting information communication technology research and development, integration, application, and industry-academic and international cooperation;
3) Developing and promoting the information and communication security industry; and
4) Developing and promoting information communication security software, technical equipment standards and related services, and monitoring mechanisms.
The cyber department’s primary purpose is to strengthen the nation’s information communication security. According to the Executive Yuan’s website, the department has nine areas of responsibility: 1) national information communication security guidelines, policy, and major projects; 2) national information communication security related legislations and standards; 3) national information communication security incident detection and reporting mechanism; 4) national critical infrastructure security management mechanism; 5) national information communication security taskforce resolutions ; 6) information communication security related training and audits; 7) information communication security education, training, and guidance; 8) information communication security international exchange and cooperation; and 9) other matters related to information communication security programs. ( An organizational chart of the cyber department and its relationship with other entities may be found here.)
Jian Hong-wei (簡宏偉) is the first chief of the Department of Cybersecurity. Jian has a long career in information communication security. Prior to this appointment, he was a Commissioner at the National Development Council Information Management Office. Early in his career, Jian served as the division chief of the Overseas Community Affairs Council’s Information Communication Division and Central Weather Bureau’s Meteorological Information Center; he also served on the Executive Yuan’s Research, Development and Evaluation Commission. Jian holds a Master’s Degree from National Chung Cheng University’s Information Engineering Institute.
The Act tracks with efforts underway in other countries throughout the region such as Korea and Japan in terms of national-level standards for cybersecurity and critical infrastructure protection. Countries sharing similar standards should theoretically make it less complicated for governments and companies facing similar threats to cooperate with one another. In a report published by the D.C.-based Center for Strategic and International Studies, Bonnie Glaser and Jacqueline Vitello recommended that Taiwan be included in the Department of Homeland Security’s annual exercise Cyber Storm. According to the authors, Taiwan has twice applied to observe the biennial exercise, but has not yet been invited.
While still in draft form, the Act represents a step in the right direction for improving both the technical and legal framework of Taiwan’s cybersecurity. At most, it indicates that Taiwan intends to raise its information security management standards and practices to a level on par—if not ahead of—other countries in the digital age. At the very least, the Act raises the profile of cybersecurity in the island’s national security discourse and could help to leverage Taiwan’s “unique place and well-developed skill set” in this new domain.
The main point: While still a draft, the Act represents a step in the right direction. At most, it indicates Taiwan’s intention to raise its information communication security management standards and practices to on par with, if not ahead of other countries.