Regulations Governing the Establishment
Regulations Governing the Establishment of the National Information and Communication Security Taskforce (NICST), Executive Yuan
Set and promulgated by the Executive Yuan
Revisions approved by the Executive Yuan on March 17, 2003
Revisions promulgated by the Executive Yuan on April 18, 2005
Revisions promulgated by the Executive Yuan on Sept. 14, 2006
Revisions promulgated by the Executive Yuan on July. 29, 2008
Revisions promulgated by the Executive Yuan on Dec. 31, 2009
Revisions promulgated by the Executive Yuan on Mar. 7, 2011
Revisions promulgated by the Executive Yuan on Jan. 4, 2013, effective Jan. 1, 2013
Revisions promulgated by the Executive Yuan on Mar. 24, 2014, effective Mar. 3, 2014
Revisions promulgated by the Executive Yuan on Dec. 29, 2014, effective Dec. 29, 2014
Revisions promulgated by the Executive Yuan on Mar. 13, 2015, effective Mar. 13, 2015
Revisions promulgated by the Executive Yuan on Jan. 19, 2016, effective Jan. 20, 2016
Revisions promulgated by the Executive Yuan on Aug. 24, 2016, effective Aug. 1, 2016
Revisions promulgated by the Executive Yuan on Feb. 14, 2019, effective Feb. 14, 2019
Revisions promulgated by the Executive Yuan on Dec. 25, 2020, effective Dec. 25, 2020
- The Executive Yuan established the NICST to promote national cyber security policies, accelerate the construction of a safe national cyber security environment, and enhance national competitiveness.
- The Taskforce is responsible for the following matters:
- (1)Advising and reviewing national cyber security policies
- (2)Advising and reviewing national cyber security reporting and response mechanisms
- (3)Advising and reviewing major national cyber security plans
- (4)Coordinating and supervising inter-ministry cyber security affairs
- (5)Other works relating to national cyber security assigned by the Executive Yuan
- The NICST is led by the Convener, a position filled by the Executive Yuan’s Vice Premier; the Vice Conveners, filled by a Minister without Portfolio and a Minister; and the Co-Vice Convener, an Advisory Committee Member of the National Security Council. Each is appointed by the Premier. Other commissioners may include cyber security agency principals, special municipality deputy mayors, and experts in the field. The NICST has 18-35 commissioners including the Convener, Vice Conveners, and Co-Vice Convener.
To coordinate and promote national cyber security policies, the Executive Yuan appoints one cyber security chief, a position filled by the NICST chair.
- The operations of the NICST are managed by the Department of Cyber Security.
- The NICST has two systems, one for Cyberspace Protection and the other for Cyber Crime Investigation, whose managing agencies and duties are as follows:
- (1)Cyberspace Protection System: led by the Department of Cyber Security and responsible for consolidating cyber security defense resources and promoting related policies. The system consists of the following working groups, whose managing agencies and duties are as follows:
- Critical Information Infrastructure Protection (CIIP) Management Group: managed by the Department of Cyber Security and responsible for planning and promoting CIIP management mechanism, supervising all domains to implement security defense, and conducting security audits and drills.
- Industry Development Group: managed by the Ministry of Economic Affairs and responsible for promoting cyber security industry development, integrating public, private, academic, and research resources, and developing relevant innovative applications.
- Government Cyber Security Protection Group: managed by the Department of Cyber Security and responsible for planning and promoting government information and communication application service security mechanisms, providing cyber security technical services, supervising government agency cyber security defense, reporting, and response, conducting cyber security audits and drills, and assisting government agencies with fully and effectively reinforcing cyber security defense.
- Standard and Norm Group: managed by the Department of Cyber Security and responsible for setting and revising cyber security-related laws and regulations, developing cyber security-related national standards, and making and maintaining cyber security-related specifications and guidelines.
- Awareness and Training Group: managed by the Ministry of Education and responsible for promoting cyber security fundamental education, strengthening education system cyber security, enhancing public cyber security capacity, providing cyber security information services, building a comprehensive integration platform, conducting international cyber security competitions, promoting industry-academia exchanges, and strengthening cyber security talent cultivation.
- Foreign Mission Cyber Defense Group: managed by the Ministry of Foreign Affairs and responsible for coordinating foreign mission joint agencies’ information and network management to enhance cyber security defense capacities and lower cyber-attack and cyber security incident risks.
- (2)The Cyber-crime Investigation System: jointly led by the Ministry of the Interior (MOI) and the Ministry of Justice (MOJ) and responsible for fighting cyber-crimes, protecting citizens’ privacy, and enhancing cyber environment and security. The system consists of the following working groups, whose managing agencies and duties are as follows:
- Cyber-crime Prevention Group: managed by the MOI and the MOJ and responsible for investigating cyber-crimes, preventing computer crimes, digital forensics, and reviewing cyber-crime prevention-related regulations.
- Cyber Environment and Internet Content Security Group: managed by the National Communication Committee and responsible for enhancing cyber environment and internet content security and assisting with cyber-crime prevention.
To actively review national cyber security policies and promote strategies, enhance cyber security experience sharing and exchange between private sectors, the government, and academia, the NICST may set up a Cyber Security Consulting Committee.
- (1)Cyberspace Protection System: led by the Department of Cyber Security and responsible for consolidating cyber security defense resources and promoting related policies. The system consists of the following working groups, whose managing agencies and duties are as follows:
- Each working group appoints one convener from among the managing agency’s commissioners and formulate operating guidelines as needed.
The Cyber Security Consulting Committee has 17-21 commissioners, positions filled by professionals, academics, and experts appointed by the NICST’s Convener. Commissioners have a term of two years, but may be appointed continuously.
- In principle, the NICST meets every six months, presided over by the Convener; the Cyber Security Consulting Committee meets every year, presided over by the NICST Convener-appointed Vice Convener; ad hoc meetings may be held if needed.
- The commissioners and conveners of the NICST and its working groups do not receive remuneration.