In light of the fact, that the NCC is unable to establish any institute in violation of any laws or regulations, NCC is appealing to the public not to misinterpret the functions and key roles undertaken by the National Communications and Cyber Security Center (NCCSC), which has been entrusted with the responsibility of ensuring the continuous operations of the communications networks, the provision of the ‘Life Line,’ and normal operations of the nation’s economy.

      In view of the communications network being the neural network of the eight critical infrastructures of society, sophisticated threats, developed over the past few years, have evolved to the extent that even an entire network shutdown caused by foreign malware has become a possibility. Thus, in order to maintain continued capabilities of the telecommunications and broadcasting networks, ensure that information security on the broadband network can be protected, operations of the communications network remain uninterrupted, and development within the digital economy can be promoted, an information security joint defense system that can offer a Life Line has become necessary and a more pressing need of the people.  

      With the objective of improving efficiency and effectiveness of reporting and response to incidents by telecommunications and broadcasting enterprises, managing information of security incidents, maintaining normal operations of industry, society and the nation while complying with laws and regulations, the National Communications Commission (NCC) and the Cyber Security Center (NCCSC) coordinate with communications operators within the scope of their responsibilities.

      Article 50-1 of the Regulations Governing Fixed Network Telecommunications Businesses specifies that  the operator shall file a report to the NCC of a disruption to the network within a specified time period in the case where more than 10,000 network service users suffer from disruption to the network service for more than 30 minutes, or when the submarine cable system between the main island and offshore islands, as well as the international submarine cable system, has been interrupted for more than 30 minutes. Similarly, Article 55-1 of the Regulations for Administration of Mobile Broadband Businesses stipulates that operators shall file a report to the NCC within a specified time limit in the case where more than 1,000 users of mobile broadband communications cannot access the telecommunications services for more than 30 minutes, arising from the telecommunications line equipment malfunction due to a disaster or any other major incident.

      Furthermore, in order to ensure that the operator files a report within the prescribed time period, and in accordance with Article 14 (2) of the Information Security Management Act, when the government agency becomes aware of an incident of information security, it shall file a report to the competent authority, in addition to the supervising agency or supervisory authority; if there is no supervising agency, it shall notify the competent authority. Likewise, in accordance with Article 18 (2) of the Information Security Management Act, when a specific non-government agency is aware of an information security incident, it shall file a report to the national competent authorities to enable implementation of relevant statutory matters and continuous operations.

      NCCSC was unveiled on November 15, 2018. The center aims to ensure that the network operational status of telecommunications and broadcasting enterprises for mobile communications, satellite communications, submarine cable communications, fixed communications, DNS domain, and cable TV remain fully operational so as to ensure the preparation for, reporting and response to incidents, as well as recovery of critical infrastructure (CI) and cyber obstacle events. At the same time, it has also established an information security protection system of the critical information infrastructure (CII) to strengthen the telecommunications and broadcasting enterprises’ collection and management of information of the network status during disaster response, etc. Its tasks include: (1) collating information security incidents such as network disruption incidents and cyber-attacks reported by telecommunications and broadcasting enterprises, and determining whether their physical network operations are normal or not; (2) confirming the level of disruption and the incidents of information security as reported by enterprises; (3) immediately providing disaster mitigation and response personnel, according to the confirmed level of incident so as to supervise management of emergency response, such as repair of submarine cable fractures, mobile communication core network obstacles, etc; (4) providing the information security supervision personnel, according to the confirmed information security incident level to supervise the enterprises’ handling of the emergency response matters of the information security incidents, such as eliminating information security incidents of cyber-attacks, hacker invasion, etc.; (5) determining the causes, red flags and methods of attack, and providing suggestions for response, which could be publicly disclosed with the competent authorities of other critical infrastructure through the N-ISAC of National Information & Communication Security Taskforce of the Executive Yuan so as to strengthen the joint defense mechanism of national critical infrastructures.

      Through coordinated efforts of NCCSC and the operators, the operators’ network report process can be accelerated. If deemed necessary, NCC shall establish an emergency response team according to the impact scope and extent of disruption so as to urge the operators to accelerate recovery. For example, on February 7, 2017, thirteen financial securities companies suffered from a DDoS extortion attack. In accordance with the inter-departmental coordination of the Department of Cyber Security of the Executive Yuan and the request of the FSC, NCC supervised telecommunications enterprises to provide the financial securities industry with network packet cleaning services so that the response to the attacks can be resolved more efficiently. In addition, on December 18 and 20, 2017, three submarine cables of Chunghwa Telecom Co., Ltd. domestic Taijin 2, Taipeng 3, and Pengjin 1 and 3 had consecutive fractures, causing disruption of communications to the Kinmen area. NCC immediately set up an emergency response team to urge Chunghwa Telecom to accelerate the response to the disruption and ensure the rights of users in Kinmen.

      The NCC further stated that it shares the NCCSC’s C-ISAC platform with all telecommunications and broadcasting enterprises so that information security protection measures can be strengthened. NCC also acts in accordance with the National Information Security Development Plan (2017–2020) of the Executive Yuan, promoting the strategy of “constructing a national information security joint defense mechanism.” It has also planned the information security flagship project, and established the Network Operations Management Platform (C-NOC), Information Security Monitoring Platform (C-SOC), Information Security Reporting Emergency Response Platform (C-CERT), and Information Analysis and Sharing Platform (C-ISAC). NCC further incorporates these platforms into the NCCSC using automation to manage the network disruption and security incidents concerning telecommunications and broadcasting enterprises.

      The operation of this key function is managed by the NCC Infrastructure Office and it is one of the eight critical infrastructure areas established by the Executive Yuan, namely communications, with other critical infrastructure being government agencies, finance, technology parks, energy, transportation, health care, and water resources.  The Information Sharing and Analysis Center (ISAC), Computer Emergency Response Team (CERT), and Security Operation Center (SOC) can thus form a joint security defense and cooperation network, information security defense system.

      NCC emphasizes that the function and purpose of NCCSC is to strengthen the telecommunications and broadcasting enterprises’ disaster response, protection of information security, and the collection and management of information regarding the network status, so as to ensure the communications network can remain uninterrupted. Such purpose is at the foundation of strengthening the digital economy and encouraging innovation, as well as safeguarding national security. It is estimated expected that, by 2020, a total of 109 communications and broadcasting enterprises will become part of a joint defense mechanism between the public and private sectors and that telecommunications and broadcasting enterprises’ operations can be strengthened in the four aspects of the early warning system: continuous operation, reporting and response, and coordination and improvement. Thus, NCC is appealing to the public not to misinterpret the important functions of ensuring the continuous operation of the communications network, as the transmission of Life Line, and the normal operation of the nation.