Management of the Cybersecurity of Telecommunications
- Policies
To ensure that telecommunicationss businesses enforce computer facility security measures, thereby reducing cybersecurity incidents and protect the communication rights of consumers, the former supervising agency National Communications Commission (NCC), since 2017, has implemented the security inspection plan of telecommunication facilities of fixed line operators, mobile operators, and type II telecommunicationss operators. Each year, uninspected telecommunicationss operators are selected randomly for in-person inspections at their facilities. When requirements are not met, the NCC requires operators to immediately provide an improvement plan, thereby promoting cybersecurity defense mechanisms. The NCC also amended existing regulations to enhance the legal environment for cyber security, reinforce cross-sector cyber security mechanisms and intelligence exchanges, and urges operators to increase network defense capabilities and conduct cyber security drills.
Since 2022, the NCC began supervising operators in setting information and telecommunications cyberr security plans and implementing relevant measures according to the Telecommunications Management Act and Cyber Security Management Act. Additionally, the NCC created the audit plan for information and communications security plans as a basis for auditing with the aim of encouraging operators to implement security measures and ensure the safety, reliability, and resilience of public telecommunicationss networks. The NCC also continuously increased the capacity of the National Communications and Cyber Security Center’s (NCCSC) cyber security operation analysis and notification platforms (C-NOC, C-SOC, C-ISAC, and C-CERT) as well as conducted offensive and defensive network drills for telecommunicationss operators to audit their cyber security preparedness, implementation, notification, and response action. - Action
- (1)The NCC conducted the "Type II Telecommunications Operator Computer Facility Safety Administration Inspection Plan" in 2015, auditing computer facility security of internet access providers that had over 100,000 clients and telecommunications facilities. In total, the NCC inspected 33 facilities belonging to seven operators, and results showed that all operators had introduced and implemented facility security measures to strengthen their facilities’ defense capabilities.
- (2)The NCC conducted the "Type II Telecommunications Operator Computer Facility Security Inspection Plan" in 2016, auditing facility security of type II telecommunications operators providing internet access services that had between 10,000 and 100,000 clients. In total, the NCC inspected ninefacilities belonging to nine operators, and results showed that all operators had met official requirements.
- (3)In 2017, the NCC expanded the scope of inspections for fixed telecommunications operators, conducting the "Fixed Telecommunications Operator Facility Safety Administration Inspection Plan for 2017," and auditing facility security of critical infrastructure listed as levels I and II as well as internet data centers inventoried in 2016. Out of the 52 infrastructures and 34 internet data center facilities, a total of 16 facilities (eight each) were inspected for facility safety administration, and results showed that all had met official requirements.
- (4)The NCC conducted the "Mobile Broadband Telecommunications Operator Facility Security Inspection Plan"during 2018, auditing the administration of 20 mobile broadband telecommunications operator facilities. Results showed that all had met official requirements.
- (5)During 2019, the NCC targeted fixed telecommunications operators not yet inspected. Out of the 38 facilities of seven local network providers, 19 facilities (more than half each) were inspected. All met requirements.
- (6)The NCC audited the administration of 20 facilities of five mobile broadband telecommunicationss operators during 2020. Results showed that all had met requirements.
- (7)In 2021, the NCC set an administration auditing plan for type II telecom operators. In response to anti-COVID-19 measures, the NCC designed a supplementary measurement plan, accepted self-assessment and supporting documents for auditing, and inspected facilities via video conferences as a supplementary measure. Prior to inspections, the NCC also held pre-inspection briefings to help relevant parties understand inspection procedures. In total, the NCC inspected 11 operators and 16 facilities during 2021, and results showed that all had met official requirements for facility security management.
- (8)The NCC held a telecommunications industry cyber security intelligence sharing conference on March 31, 2022, inviting the Executive Yuan’s Department of Cyber Security and National Center for Cyber Security Technology as well as entities including telecom operators, the Telecom Technology Center, and Taiwan Network Information Center to share the latest cyber security intelligence and their experiences in responses to incidents.
After the establishment of the Ministry of Digital Affairs, the works above shall be transferred to the jurisdiction of the Ministry.
Keyword(s)
Data Source: Department of Communications and Cyber Resilience
Create Date: 2022-08-27
Update Date: 2024-01-31