TAIPEI (Taiwan News) — Companies providing critical infrastructure services in Taiwan will in future have to install a chief of cyber security, while the government’s auditing powers will be expanded following revisions to cyber security legislation.
In an interview published on Monday (Sept. 4), Deputy Minister of Digital Affairs Ning Yeh (葉寧) said the planned revisions to the Cyber Security Management Act will require “specific non-government agencies” to install a chief of cyber security. “Specific non-government agencies” are defined as those that provide critical infrastructure, are government owned, or are government funded.
Yeh said examples of companies that will be required to establish roles that oversee cyber security include Chunghwa Telecom, Far EastTone, the Taoyuan International Airport Corporation, and others. State owned electricity provider Taipower is another example, plus government funded organizations like the Industrial Technology Research Institute, better known as ITRI.
The revisions will also expand the scope of these audits, and local governments will be given the power to carry them out, he said. The ministry is working with local governments to carry out audits on institutions at township or district level offices, Yeh said.
Yeh also said the revisions will expand policing powers and allow for greater inter-ministry and inter-agency cooperation. In practice this will allow government agencies to deploy resources from across different ministries where they are most needed, he said.
The revisions will be submitted to the legislature for review after it next sits, Yeh said, which is expected to occur on Sept. 15 at the earliest.
Yeh added that the ministry will publish guidelines for ensuring the way data is handled serves the public good, and enhances data privacy. Both sets of guidelines are expected to be published mid-September, he said.