
Cyber Security Policies and Regulations

Since 2001, the National Information and Communication Security Taskforce, Executive Yuan (NICST) has launched six major cyber security plans or programs in four-year phases, which have effectively increased Taiwan’s cyber security preparedness. Highlights of each plan or program are explained as follows:

  1. Phase One Mechanism Plan (2001-2004)

    Building a cyber security defense system, completing the government agency classification mechanism.

    On January 17, 2001, the Executive Yuan announced the "Building Taiwan’s Communication and Information Infrastructure Security Mechanism Plan" (Phase One Mechanism Plan), which seeks to "ensure Taiwan has a safe, reliable information and communication environment." The main result of this phase is the creation of a cyber security defense system, with results including:

    1. The establishment of the NICST in conjunction with the technical staff unit, the National Center for Cyber Security Technology, as the competent authority in charge of Taiwan’s cyber security infrastructure and policies.
    2. The promotion of cyber security management systems for key government agencies whose work relates to the public’s daily life, providing relevant cyber security support and designating requirements for government agencies at different levels by building agency cyber security incident reporting and notification mechanisms and responsibility level categories and conducting cyber security audits on specified agencies.
    3. The promotion of cyber security education and training among information personnel, reinforcing cyber security workforce training and awareness, and increasing public cyber security awareness.
    4. The revision and amendment of laws and regulations relating to cyber security and the creation of cyber security technical standards and regulations, building product inspection and guarantee mechanisms.
    5. The planning, promotion, and building of the Information Security Management System (ISMS) for key operating systems of critical infrastructures as well as cyber security management programs including cyber security center alert and reporting mechanisms and personnel training.
  2. Phase Two Mechanism Plan (2005-2008)

    Completing cyber security defense capacities, establishing the national security operation center.

    As an extension to the Phase One Mechanism Plan, the Executive Yuan approved the "Building Taiwan’s Communication and Information Infrastructure Security Mechanism Plan (2005-2008)" (Phase Two Mechanism Plan) to continuously strengthen Taiwan’s overall cyber security defense foundation. Key results include:

    1. The establishment of the National Security Operation Center (N-SOC) to provide 24-hour defense, including monitoring and alert services, for important core government agencies.
    2. The establishment of the government agency chief information security officer (CISO) mechanism, appointing deputy principals in charge of cyber security at ministries as CISOs to promote and implement in-department cyber security-related plans.
    3. The expansion of government agency cyber security responsibility level classification scope, greatly increasing the number of important government agencies included in the cyber security defense system and extending that scope to include the education system.
    4. The promotion of ISMS introduction to the education system and the guidance of ISMS establishment at regional education network centers.
    5. The enhancement of work performance through auditing, introducing internal auditing systems to government agencies to ensure the promotion of cyber security-related work while continuing external cyber security auditing for public and private entities to provide audit suggestions.
    6. The extension of the cyber security plan defense range, creating cyber security reinforcement plans to enhance online transaction security and protect personal information.
  3. Phase Three Development Program (2009-2012)

    Reinforcing overall cyber security response capabilities, improving report and response mechanisms.

    In January 2009, the Executive Yuan announced the "National Cyber Security Development Program (2009-2012)" (Phase Three Development Plan). Based on the vision of building a "secure, trustworthy smart Taiwan and sound, quality digital life," the program shared the government’s experience promoting cyber security with society, gradually reinforcing cyber security defense mechanisms in the private sector. The main results include:

    1. The building of cyber security incident response procedures from detection, recognition, analysis, to response, enhancing reporting efficiency and continuously strengthening emergency reporting, response, and recovery capabilities.
    2. The introduction of cyber security governance and performance evaluation to A- and B-level government agencies, requiring them to assign cyber security personnel, categorize and classify information systems, and build basic cyber security mechanisms corresponding to their categories and classes.
    3. The implementation of the Plan-Do-Check-Act (PDCA) model to lower relevant risks, and the promotion of international cyber security standard certifications (such as ISO 27001) among Taiwan’s government agencies and businesses.
    4. The reinforcement of e-commerce reliability and security, strengthening of identity verification mechanisms for secure online transactions, and promotion of using public key infrastructure (PKI) certification services.
    5. Encouraging businesses and organizations to conduct third-party evaluations, reinforcing legally authorized cyber security inspections on all businesses to ensure they enhance personal information protection, build cyber security management systems, conduct internal audits, and commission third parties to conduct cyber security audits.
    6. The strengthening of cyber security research capacities, encouraging higher education institutions to offer cyber security courses, cultivating professional cyber security research talent, developing key cyber security technology, and transferring it to industries for added-value applications.
    7. The promotion of cyber security awareness, holding cyber security awareness events at various school levels, encouraging businesses to review the security of their own information assets, and organizing cyber security checks and competitions for citizens to enhance their cyber security awareness level.
  4. Phase Four Development Program (2013-2016)

    Strengthening cyber security defense management, joint monitoring mechanisms, and cyber security intelligence sharing.

    In 2013, the Executive Yuan approved the "National Strategy for Cybersecurity Development Program (2013-2016)" (Phase Four Development Plan). Based on the vision of "building a safe cyber security environment and progressing towards a high-quality network society," the program emphasized the central government’s ability to defend against cyber-attacks and promoted the following four major goals:

    1. National policy and environment building: continuously adding to and amending cyber security policies, regulations, guidance, standards, and handbooks, reviewing Taiwan’s cyber security-related regulations and discussing the creation of dedicated laws; implementing a mechanism to ensure reasonable cyber security personnel and budgets for government agencies and holding annual cyber security service provider evaluations; preparing for the establishment and operation of the National Center for Cyber Security Technology to promote public corporatization; implementing cyber security equipment inspections and verification, actively interacting with international certification and verification organizations, and regularly reviewing items for inspection.
    2. Cyber security defense and intelligence sharing: building a structure for government cyber security governance, evaluating cyber security governance maturity levels at A-, B-, and C-level government agencies; establishing the Institute of Watch Internet Network (iWIN) to enhance internet content security management mechanisms; conducting cyber security offense and defense drills, planning cyber security scenario and hands-on drills; implementing the government cyber security management system to improve government agencies’ cyber security management work; promoting cyber security base environment security settings and continuing to plan various government configuration baseline (GCB) settings; increasing cyber security threat intelligence collection capacity and enhancing data analysis and sharing mechanisms.
    3. Industrial development and technological upgrades: building cyber security defense technology research capacities, strengthening technological competitiveness for innovative cyber security autonomy; reinforcing cyber security technology development collaborations with businesses and academic institutes, putting innovative cyber security technology to practical use; expanding criminal investigative applications, improving the preservation of digital evidence, and promoting digital forensic laboratories to monitor trends in cyber security crimes; creating security test mechanisms corresponding to key technologies such as mobile devices, mobile applications, wireless networks, and the secure software development lifecycle (SSDLC).
    4. Talent cultivation and international exchanges: promoting professional cyber security training and certification mechanisms, planning and establishing professional cyber security personnel registration and certification mechanisms; building a cyber security competence evaluation system, requiring personnel in all areas to regularly complete cyber security competence training courses and pass tests.
  5. Phase Five Development Program (2017-2020)

    Promoting the Cyber Security Management Act, reinforcing Taiwan’s cyber security joint defense system.

    In 2017, the Executive Yuan approved the "National Cyber Security Program (2017-2020)" (Phase Five Development Plan). In response to cyber security threats and challenges the government encountered as it promoted national digital transformation and innovative economy development and following the policy direction of "cyber security is national security," the program upgraded cyber security defense to the level of national security and continued to implement government improvements and various cyber security defense measures to respond to complex and ever-changing cyber security threats.

    Based on the vision of "building a secure, trustworthy digital nation," Phase Five incorporates the three major policy goals of "creating a national cyber security joint defense system," "improving the overall cyber security defense mechanism," and "reinforcing cyber security autonomy industry development," and the four major strategies of "enhancing the base environment for cyber security," "creating a national cyber security joint defense system," "increasing the autonomy of cyber security industry," and "cultivating high-quality cyber security talent," designating 11 specific measures to gradually launch Taiwan’s cyber security defense in depth and joint defense system and stabilize the cyber security frontline of Taiwan’s digital territory.

  6. Phase Six Development Program (2021-2024)

    Building an active defense base network, creating a resilient, secure smart country.

    Considering the breadth of information and communication service applications and Taiwan’s major technological innovation policies, cyber security plays a key role in national security and even the various facets of socio-economic activities. In order to respond to international trends and new forms of cyber-attacks and threats as well as to extend Taiwan’s cyber security capacity and advantage on the basis of existing foundations for defense, the Executive Yuan’s National Information and Communication Security Taskforce, while continuing to implement the Phase Five National Cyber Security Program (2017-2020), proposed the "National Cyber Security Program of Taiwan (2021-2024)" (Phase Six Development Program) on February 23, 2021 to gradually increase Taiwan’s cyber security defense capacity and set goals for the government to follow as it promotes cyber security defense strategies and plans.

    To cultivate excellent cyber security talent within the country, improve critical infrastructure cyber security defense measures, use innovative technology to actively prevent and eliminate threats at the source, popularize cyber security awareness and capacities among businesses through the cooperation of the public and private sectors, and build a safe and smart network environment, the Phase Six Development Program is based on the vision of "creating a resilient, secure smart country." The program incorporates the three major policy goals of "becoming the hub for cyber security research and training in Asia-Pacific," "building an active defense base network," and "jointly creating a safe network environment through the cooperation of the public and private sectors," and the four major strategies of "recruiting global high-end talent, cultivating autonomous development capacities," "promoting joint governance between the public and private sectors, enhancing the resilience of critical infrastructures," "making use of smart innovative technology, actively defending against potential threats," and "building a safe and smart network, increasing the public’s defense capacities." By integrating the planning of outstanding cyber security industry development programs for the six core strategic industries as the cyber security industry development continues, the government hopes to build a safe and resilient smart country.
