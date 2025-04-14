President William Lai, front row, center, poses with high-ranking national security officials at the National Security Bureau in Taipei in an undated photograph. Photo coutesy of the National Security Bureau

2025/04/14 03:00

CYBERSECURITY:The new strategy emphasizes critical infrastructure protection, real-time threat monitoring and coordination to bolster resilience

By Wu Che-yu and Sam Garcia /Staff reporter, with staff writer

The National Security Council （NSC） has published its information security strategy for this year, which includes establishing a national center to monitor security risks and outlines three major goals for enhancing the nation’s critical infrastructure security.

The council’s strategy highlights the importance of protecting critical infrastructure — including water, electricity, communications, transportation, finance and healthcare systems — from cyberthreats.

Disruptions to these systems caused by cyberattacks could paralyze society, severely impact the economy, jeopardize public safety and disrupt daily life, the NSC said. Such incidents would also erode public trust in the government and threaten national stability.

The strategy emphasizes that information security is crucial in safeguarding the military’s operational command system, ensuring that facilities, equipment, communications and decision-making processes remain free from external interference.

Information security is a critical extension of national defense and military strategy, the council said.

The military must be able to counter cyberattacks to prevent adversaries from compromising defense systems, stealing sensitive information or crippling operational capabilities, the council said.

Homeland security and the protection of critical infrastructure constitute one of the strategy’s four central pillars, supported by three primary objectives.

The first objective is to conduct comprehensive assessments of potential information security risks and develop countermeasures to bolster critical infrastructure protection and defense readiness.

The second aims to strengthen national defense, public welfare, disaster preparedness and democratic resilience through robust regulation and enforcement of cybersecurity standards.

The third objective is to enhance information security preparedness to safeguard national security and ensure regional peace and stability.

As a concrete step, the strategy calls for the establishment of a national information security center to monitor nation-level security risks. The center would bolster interagency coordination and response mechanisms, ensuring that resources can be rapidly mobilized to address major cybersecurity incidents, it said.

The strategy also said the government should clearly define information security objectives and requirements for defense and law enforcement agencies, and recommends prioritizing the allocation of resources toward intelligence gathering, threat analysis, and the development of proactive defense capabilities.

In addition, the strategy recommends that the government conduct a comprehensive inventory of key agencies and critical infrastructure facilities, categorize them by risk level, and regularly review them to ensure compliance with security regulations.

It also calls for stronger oversight of critical infrastructure facilities, enforcement of incident investigation and accountability mechanisms, and the assurance that all agencies meet established information security standards.

National security and information security agencies should work with critical infrastructure operators to implement a comprehensive action plan aimed at enhancing network resilience, it said.

The strategy also urges the establishment of an interagency coordination platform to strengthen operational resilience during emergencies.

Furthermore, it proposes the creation of a dedicated information security protection team to be able to rapidly respond to emergencies involving critical infrastructure.

Third-party information security drills and tabletop exercises should be established to test and verify information security defense and response mechanisms, it said.

