Tue, Jan 17, 2017 - Page 1 News List

Cybersecurity bill hurt by staff shortfall

DEFICIT OF 1,000: Several regional governments said their needs are even more pressing than the Cabinet’s, as they only have one or two information-security staff

By Lee Hsin-fang, Lo Tien-pin and William Hetherington  /  Staff reporters, with staff writer

A cybersecurity bill drafted by the Cabinet aimed at countering network attacks and protecting the nation’s sensitive information would need at least an additional 1,000 qualified information security specialists to implement effectively, Cabinet sources said.

The reading of the information security management draft bill has been postponed until the next session of the legislature to address the personnel shortage and other issues.

Various higher-level departments under the purview of the Cabinet have reported that their information-security staff are part-time and too few in number to meet the changes to their roles proposed in the bill, sources said.

Several regional government departments have reported that their increased personnel needs would be even more pressing, as they only employ one or two cybersecurity staff, the sources said.

National Development Council Director Chien Hung-wei (簡宏偉) yesterday said that his agency is looking at short-term solutions to the shortfall, such as outsourcing work or hiring contractors.

In the long term, the government would institute an information-security training program for government staff, he said.

The Cabinet is assessing information-security personnel needs at both central and regional levels, and plans to release a short- and mid-term strategic plan once a complete assessment has been made, he said.

The government’s information-security needs cannot be solved by throwing money at the problem, as the work is very complex and requires talented professional personnel, academics said.

The government must be resolute in its execution of an information-security program, they said.

The program should not be executed from a management perspective, National Cheng Kung University Department of Electrical Engineering professor Lee Chung-hsien (李忠憲) said, adding that the bill’s name should be changed to reflect its aim of “promoting” rather than “managing” information security.

The aim of the bill should be to assist organizations with the protection of sensitive data, Lee said, adding that managing organizations and penalizing those that leak data are only aspects of the overall task.

The government must strengthen organizations’ abilities to carry out protection of sensitive information, Lee said, adding that it should be flexible in its employment of qualified personnel.

The government must proceed on the basis of established standards and regulations for information security, Lee said, adding that a special task force is needed to “put out fires” when network attacks occur.

The government should act to pass the bill quickly to show its determination on the issue and a clause could be added to allow relevant organizations time to adequately prepare, National Chiao Tung University computer science professor Lin Ying-ta (林盈達) said.

Solving the issue would require the senior officials of all relevant organizations to recognize the seriousness of protecting their information, National Taiwan University electrical engineering professor Lin Tsung-nan (林宗男) said.

The organizations should solve the staff shortfall by hiring from within their own ranks, Lin said, adding that the government must show its resolve by allocating an appropriate budget.
