Chapter II. Reporting, Response and Drills of Cyber Security Incidents of Government Agencies |
| Article 6 | A government agency shall, within one hour after becoming aware of a cyber security incident, report the matter on the system platform designated by the competent authority.
Where the level of the cyber security incident changes under the preceding paragraph, the government agency shall continue to update the report in accordance with the preceding paragraph.
Where reporting cannot be made in the manner specified in Paragraph 1 for any reason, the government agency shall report in another appropriate manner within the prescribed timeframe and state the reason why it was unable to report in the prescribed manner.
After the reason for being unable to report in the manner required under Paragraph 1 has been eliminated, the government agency shall report the matter retroactively in the prescribed manner. |
|
| Article 7 | The agency notified pursuant to Paragraph 2, Article 17 of the Act shall, after receiving a report of a cyber security incident, complete its review of the incident level within the following timeframes and may change the level based on the review results:
1. Within eight hours after receipt of a report of a level 1 or level 2 cyber security incident.
2. Within two hours after receipt of a report of a major cyber security incident.
After completing the review under the preceding paragraph, the notified agency shall, within one hour, notify the competent authority of the review results and provide information on the basis for the review.
Upon receipt of the notification under the preceding paragraph, the competent authority shall further review the incident level based on the relevant information and may change the level based on the review results. However, where it deems it necessary, or where the notified agency fails to notify the review results as required, the competent authority may directly review the cyber security incident and change its level. |
Info |
| Article 8 | Upon becoming aware of a cyber security incident, a government agency shall, within the following timeframes, complete damage-control or recovery operations and notify the notified agency under Paragraph 2, Article 17 of the Act in the manner designated by the competent authority:
1. Within 72 hours after becoming aware of a level 1 or level 2 cyber security incident.
2. Within 36 hours after becoming aware of a major cyber security incident.
After completion of the damage control or recovery operations under the preceding paragraph, the government agency shall continue the investigation and handling of the cyber security incident, and shall submit the investigation, handling, and corrective action report on the cyber security incident to the notified agency referred to in the preceding paragraph within one month, in the manner designated by the competent authority.
The timeframe for submission of the investigation, handling, and corrective action report under the preceding paragraph may be extended with the consent of the notified agency referred to in Paragraph 1.
The investigation, handling, and corrective action report referred to in Paragraph 2 shall include the matters specified in Article 12 of the Enforcement Rules of the Act.
Where the notified agency referred to in Paragraph 1 deems it necessary, or finds any violation of laws or regulations, impropriety, or other matter requiring improvement in the damage-control or recovery operations under the same paragraph or in the report submitted under Paragraph 2, it may require the government agency to provide explanations and make adjustments. |
Info |
| Article 9 | The agency notified pursuant to Paragraph 2, Article 17 of the Act shall, as circumstances require, provide necessary support or assistance with respect to the reporting and response operations for cyber security incidents carried out by its subordinate or supervised government agencies, and the following entities under its jurisdiction: township (town, city) offices, district offices of indigenous districts in special municipalities, township (town, city) representative councils, and representative councils of indigenous districts in special municipalities.
The competent authority shall, as circumstances require, provide necessary support or assistance for the response operations for cyber security incidents carried out by government agencies.
After a government agency becomes aware of a major cyber security incident, its Chief Information Security Officer shall convene a meeting to discuss relevant matters and may request relevant agencies to provide assistance. |
Info |
| Article 10 | The directly affiliated agencies of the Office of the President, the National Security Council, and the Five Yuans shall plan and carry out cyber security drills for themselves or for their subordinate or supervised government agencies. Within one month after the drills are completed, they shall submit a report on their implementation and results to the competent authority. The drills shall include at least the following items:
1. Social engineering drills shall be conducted once every six months.
2. Reporting and response drills for cyber security incidents shall be conducted once every year.
The Office of the President, the National Security Council, the Five Yuans, and special municipality and county/city councils shall plan and conduct the cyber security drill operations referred to in the preceding paragraph.
Special municipality and county/city governments shall, in accordance with Paragraph 1, plan and carry out cyber security drills for themselves or their subordinate or supervised government agencies, as well as the following agencies:
1. The township (town, city) offices and district offices of indigenous districts in special municipalities under their jurisdiction, and their subordinate or supervised government agencies.
2. The representative councils of townships (towns, cities) and indigenous districts of special munici palities referred to in the preceding subparagraph. |
|