Agencies told to adopt computer security rules | #itsecurity | #infosec | #hacking | #aihp

EXECUTIVE YUAN:
An order said that contractors that bid on cybersecurity projects should not set a minimum estimate and should prioritize capability

• By Lee Hsin-fang and Jake Chung / Staff reporter, with staff writer

Government agencies should prepare to implement an administrative order regarding the procurement of enhanced cybersecurity for information technology (IT) systems, while at least 5 percent of every project’s funding should be used to improve cybersecurity, the Executive Yuan said.

Agencies must submit a written explanation if they fail to do so, or enact compensatory measures, the Executive Yuan said.

Government agencies are often targeted by Chinese cyberattacks and the order is to address an apparent lack of attention to IT systems at government agencies, especially when such work is subcontracted to cybersecurity firms, the Executive Yuan said.

Subcontractors that bid on cybersecurity projects outsourced by government agencies must do so in accordance with the Government Procurement Act (政府採購法), while there should not be a minimum estimate of costs and capability should be prioritized, the order says.

If a subcontractor fails to meet the requirements, it must provide reasons for its shortcomings and describe how it would ensure cybersecurity to be eligible to bid for government contracts, it says.

When establishing or maintaining a cybersecurity system, agencies must assess the level of security needed and what resources could be allocated to the procurement process, it says.

The agencies should also assess what level of IT and cybersecurity proficiency their employees should have, it says.

Agencies must have their resident IT technicians work with the Executive Yuan’s IT management division to ensure that systems follow cybersecurity protocols, such as maintaining login systems, backing up data, fine-tuning systems, upgrading servers and maintaining the server environment, the Executive Yuan said.