Regulations Governing the Establishment of the National Information and Communication Security Taskforce (NICST), Executive Yuan
(Approved by the Executive Yuan on August 1, 2016)
1. The Executive Yuan (hereinafter referred to as “this Yuan”) shall establish the National Information and Communication Security Taskforce (NICST) (hereinafter referred to as “this Taskforce”) in order to promote policies on national information and communication (IC) security, expedite the construction of a safe national IC environment and boost national competitiveness.
2. This Taskforce is responsible for the following national IC security matters:
(1) Providing consultancy on IC security policies.
(2) Providing consultancy on IC security emergency report and response mechanisms.
(3) Providing consultancy on major IC security programs.
(4) Coordinating and supervising inter-ministry cyber security efforts.
(5) Implementing other related measures assigned to it by this Yuan.
3. This Taskforce is led by the Convener, Vice Premier, the Vice Convener, the Minister without Portfolio of the Yuan and one specified Minister, and the Co-Vice Convener, an Advisory Committee Member of the National Security Council. Each will be appointed by the Premier of the Yuan. Other commissioners may include members of information and communication security agencies, deputy mayors of special municipalities and experts in the field. The taskforce will have 18 to 35 commissioners in total, the Convener, the Vice Convener and the Co-Vice Convener included.
4. The operations of this Taskforce are managed by the Department of Cyber Security.
5. Two Systems are to be established under this taskforce, one for Cyberspace Protection and the other for Cybercrime Investigation, whose managing agencies and duties are listed below:
(1) The Cyberspace Protection System, led by the Department of Cyber Security, is to consolidate IC security resources and promote related policies while supervising the following four working groups, whose managing agencies and duties are listed below:
A. Critical Information Infrastructure Protection (CIIP) Management Group: managed by the Department of Cyber Security, is in charge of planning and promoting CIIP management mechanism, supervising all domains to implement security protections, and conducting related activities such as security audits and drills.
B. Industry Development Group: managed by the Ministry of Economic Affairs, is in charge of promoting IC security industry development, integrating resources of private sectors, the Government, and academic & research facilities, and developing related innovation and application.
C. Government Cyber Security Protection Group: managed by the Department of Cyber Security, is in charge of planning and promoting IC application service security mechanism of the government, providing IC security technology services, supervising cyber security protection, incident handling and reporting of government agencies, conducting cyber security audits and drills, and providing assistances to ensure the completeness and effectiveness of cyber security protection of government agencies.
D. Standard and Norm Group: managed by the Department of Cyber Security, is in charge of formulating and revising cyber security related laws and regulations, developing cyber security related national standards, and making and maintaining cyber security related specifications and guidelines.
E. Awareness and Training Group: managed by the Ministry of Education, is in charge of promoting fundamental education of cyber security, strengthening cyber security of education system, raising cyber security quality of people, providing information services of cyber security, building all-around integration platform, conducting international cyber security competition, promoting communication and exchange of industries and academies, and strengthening cyber security professional cultivation.
(2) The Cybercrime Investigation System, jointly led by the Ministry of the Interior (MOI) and the Ministry of Justice (MOJ), and is to fight cybercrimes, protect citizens’ privacy and build a sound infrastructure for IC security while supervising the following three working groups:
A. Personal Information Protection and Legislation Group: managed by the Ministry of Justice, is in charge of propagating and promoting Personal Information Protection, reviewing and amending regulations to protect personal information and prevent cybercrimes.
B. Cybercrime Prevention Group: managed by the Ministry of the Interior and the Ministry of Justice, is in charge of investigating cybercrimes, preventing criminal activity on the Internet, and performing digital forensics.
C. Cyber Environment and Internet Content Security Group: managed by the National Communication Committees, is in charge of enhancing cyber environment and Internet content security, and assisting to prevent cybercrimes.
In order to actively deliberate national cyber security policies and promote strategies, enhance cyber security experiences sharing and exchanging between private sectors, the Government, and academic & research facilities, this Taskforce should set up an Information Security Consulting Committee.
6. Each working group shall appoint one convener from among the commissioners of the managing ministry. Operating guidelines shall be formulated for each working group as needed.
Professionals in related agencies or academia will be appointed by the General Convener to serve as commissioners in the Information Security Consulting Committee, with the group totaling 17 to 21 commissioners. Each term of the commissioner is two years, but can be appointed continuously.
7. This Taskforce shall convene a meeting every six months and may schedule ad hoc meetings if needed. The General Convener will preside over the meetings.
8. The commissioners and conveners of this Taskforce and its working groups will not receive remuneration.