Research on the Introduction of Privacy Protection Management Mechanisms and Data Value-Added Services into Communications Enterprises in 2020
The global economy is shifting away from traditional economic models towards an emerging digital era as technology advancement and new applications are introduced. The rapidly changing digital age has led to a gradual transformation in the way digital technology is used in the industry, thereby driving the overall growth of the global digital economy. The digital economy is driven by "data," and how data is used, its purpose, risks and regulation are all inextricably intertwined with industrial development and application, as is the case for the communications industry.
As such, while the free circulation of data has become central to international free trade and economic operations, it is not only conducive to the promotion of transnational business and economic and trade interactions, but also fraught with worry and concern over how to ensure the protection and security of personal data and privacy. As a result, the issue of how to adapt the data risk control mechanism and related complementary measures so that they can be applied to the industry and comply with regulatory requirements has become a global reality that must be actively addressed. As far as Taiwan is concerned, when considering how to cope with industry needs, there is a pressing need to strike a balance between personal data and international regulatory requirements, and to expedite the legitimate utilization of personal data protection and data value-added service in the sector in an effort to facilitate the development of the digital economy.
II. Recommendations on Data Governance and Innovative
Application Planning. According to the aforementioned international data strategies and strategies for innovative data applications, the development of the data economy as a whole is driven by the formulation of overall superior policies, with a view to fully utilizing the potential value of data and building a vibrant ecosystem suited for innovative data applications. With the outbreak of COVID-19 this year, the application of data will be crucial in the post-pandemic era. It is also observed that data applications are gradually moving towards cross-boundary sharing and reuse, and empowerment of data subjects, and therefore, in light of the above observations and findings, we offer recommendations on data governance and innovative application planning. First, as for the establishment of a ministry and mechanism for data application and communication, since there is no single dedicated authority in Taiwan, and the formation of a ministry for science and technology development is now under intense discussion, data application may become an important function of the ministry, so we have to consider an authority for data application and communication. Further, there is currently no sandbox mechanism for data application in Taiwan. Reference should be made to the British data communication mechanism for providing legal advice and consultation sought on data application regulation.
Second, with regard to the formulation of regulations and amendments to existing laws relating to data applications, the most noteworthy is the EU Data Governance Act 2021. Taiwan does not have a complete and appropriate legal framework for data application, except for the Freedom of Government Information Law, the Personal Data Protection Act (PDPA) and the relevant laws and regulations distributed in various fields, and the nation is currently seeking an adequacy decision from the EU, and therefore our PDPA needs to be amended accordingly, yet no progress has been made at this stage. Consequently, a comprehensive strategy should be developed by taking into account both the formulation of the basic data application regulations and the amendments to the current PDPA, in order to achieve long-term data governance and application and sharing.
Lastly, in terms of the incorporation of the concept of data empowerment and the design of the mechanism, the international trend moves towards data empowerment to give data subjects more control over their data. The Financial Supervisory Commission (FSC) of Taiwan has also incorporated this idea in its open banking, so has the National Development Council’s (NDC) MyData program. As such, it is suggested that the government should provide guidelines or devise the relevant system, or even make reference to the Japanese data bank mechanism regarding the establishment of intermediaries to assist consumers in managing their data, which could be used as a reference for the design of the mechanism in the future.
III. Accountability for and Management of Data Use in Enterprises
Among the countries studied regulation of Singapore and Taiwan are similar and have adopted the development of digital economy as their main economic strategy, but Singapore has been more proactive than Taiwan in the design of the legal system to facilitate the use of data. Therefore, with regard to the control of data use in businesses by the competent authorities, this Project, by looking at the amendment to the Singaporean PDPA, aims to reinforce the regulation of the accountability system and the operation of the existing series of guidelines. From the changes in Singapore's PDPA, it can be observed that the competent authorities can refer to the practices of enterprises in the use of data.
First of all, the existing regulations in Taiwan tend to have more about compliance than accountability, with emphasis being placed on data security maintenance and compliance with the PDPA. For instance, Taiwan’s “Regulations Governing Security Measures of the Personal Information File for Non-government Entities Designated by National Communications Commission” focus on following the law on the use of personal data. Nonetheless, the so-called accountability means that the competent authorities must oversee the implementation of data protection measures and policies of enterprises, not just pro forma compliance with the letter of the law.
The second observation is that Singapore is quite proactive in addressing the need for data use in the development of its digital economy by making an exception to innovative uses regarding informed consent. The inclusion of data portability also represents a heightened control of the data subject. These amendments are all related to Singapore's policy of actively developing its smart nation initiative and signify a more proactive approach by the authorities in monitoring the use of data by businesses. Taiwan needs to be more open and precise in regulating the use of data for the development of its digital economy.
Finally, there is increased flexibility in enforcement, as authorities can resolve disputes between subjects over data use more quickly through the introduction of mediation or other alternative dispute resolution (ADR) mechanisms. Meanwhile, the Personal Data Protection Commission (PDPC) has developed industry-specific consultation guidelines, recognizing that there may be specific issues for different industries. The PDPC noted that these guidelines are based on the partnerships, consultations and feedback associated with the relevant industries, and close collaboration with the industry's authorities of target businesses.
Despite the lack of a dedicated authority for personal data protection, Taiwan can first build a cross-industry coordination and communication platform, and then collaborate across ministries to primary integrate standards in personal data protection to facilitate the needs of industrial innovation in the digital economy.
Regarding the issue of critical infrastructure protection, the emphasis in the past was put on strategic facilities related to the national economy and social security merely based on the concept of national defense and security1. However, since 911 tragedy in New York, terrorist attacks in Madrid in 2004 and several other martial impacts in London in 2005, critical infrastructure protection has become an important issue in the security policy for every nation. With the broad definition, not only confined to national strategies against immediate dangers or to execution of criminal prevention procedure, the concept of "critical infrastructure" should also include facilities that are able to invalidate or incapacitate the progress of information & communication technology. In other words, it is elevated to strengthen measures of security prevention instead. Accordingly, countries around the world have gradually cultivated a notion that critical infrastructure protection is different from prevention against natural calamities and from disaster relief, and includes critical information infrastructure (CII) maintained so that should be implemented by means of information & communication technology into the norm. In what follows, the International CIIP Handbook 2008/2009 is used as a research basis. The Subjects, including the coverage of CIIP, relevant policies promoted in America, are explored in order to provide our nation with some references to strengthen the security development of digital age. 1. Coverage of Important Critical Information Infrastructures Critical infrastructure is mainly defined in "Uniting and Strengthening our country by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, as known as Patriot Act of the U.S., in section 1016(e)2 . The term ‘critical infrastructure’ refers to "systems and assets, whether physical or virtual, so vital to our country that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." In December 2003, the Department of Homeland Security (DHS) promulgated Homeland Security Presidential Directive 7 (HSPD-7)3 to identify 17 Critical Infrastructures and key resources (CI/KR) ,and bleuprinted the responsibility as well as the role for each of CI/KR in the protection task. In this directive, DHS also emphasized that the coverage of CI/KR would depend on the real situations to add or delete sectors to ensure the comprehensiveness of critical infrastructure. In March 2008, DHS added Critical Manufacturing which becomes the 18th critical infrastructure correspondent with 17 other critical infrastructures. The critical infrastructures identified by DHS are: information technology, communications, chemical, commercial facilities, dams, nuclear reactors, materials and waste, government facilities, transportation systems, emergency services, postal and shipping, agriculture and food, healthcare and public health, water, energy (including natural gas, petroleum, and electricity), banking and finance, national monuments and icons, defense industrial Base, and critical manufacturing. 2. Relevant Policies Previously Promoted With Critical Infrastructure Working Group (CIWG) as a basis, the President's Commission on Critical Infrastructure Protection (PCCIP) directly subordinate to the President was established in 1996. It consists of relevant governmental organizations and representatives from private sectors. It is responsible for promoting and drawing up national policies indicating an important critical infrastructure, including natural disasters, negligence and lapses caused by humans, hacker invasion, industrial espionage, criminal organizations, terror campaign, and information & communication war and so on. Although PCCIP no longer exists and its functions were also redefined by HDSP-7, the success of improving cooperation and communication between public and private sectors was viewed as a significant step in the subsequent issues on information security of critical infrastructure of public and private sectors in America. In May 1998, Bill Clinton, the former President of the U.S., amended PCCIP and announced Presidential Decision Directive 62, 63 (PDD-62, PDD-63). Based on these directives, relevant teams were established within the federal government to develop and push the critical infrastructure plans to protect the operations of the government, assist communications between the government and the private sectors, and further develop the plans to secure national critical infrastructure. In addition, concrete policies and plans regarding information security of critical infrastructure would contain the Defence of America's Cyberspace -- National Plan for Information Systems Protection given by President Clinton in January, 2000 based on the issue of critical infrastructure security on the Internet which strengthens the sharing mechanism of internet information security messages between the government and private organizations. After 911, President Bush issued Executive Order 13228 (EO 13228) and Executive Order 13231 to set up organizations to deal with matters regarding critical infrastructure protection. According to EO 13228, the Office of Homeland Security and the Homeland Security Council were established. The duty of the former is mainly assist the U.S. President to integrate all kinds of enforcements related to the protection of the nation and critical infrastructure so as to avoid terrorist attacks, while the latter provides the President with advice on protection of homeland security and assists to solve relevant problems. According to EO 13228, the President's Critical Infrastructure Protection Board directly subordinate to the President was established to be responsible for offering advice on polices regarding information security protection of critical infrastructure and on cooperation plans. In addition, National Infrastructure Advisory Council (NIAC), which consists of owners and managers of national critical infrastructure, was also set up to help promote the cooperation between public and private sectors. Ever since the aforementioned executive order, critical infrastructure protection has been more concrete and specific in definition; for instance, to define critical infrastructure and its coverage through HSPD-7, the National Strategy for Homeland Security issued in 2002, the polices regarding the National Strategy to Secure Cyberspace and the National Strategy for Physical Protection of Critical Infrastructure and Key Assets addressed by the White House in 2003; all of this are based on the National Strategy for Homeland Security. Moreover, the density of critical infrastructure protection which contains virtual internet information security was enhanced for the protection of physical equipment and the protection from destruction caused by humans. Finally, judging from the National Infrastructure Protection Plan (NIPP), Sector-Specific Plans (SPP) supplementing NIPP and offering a detailed list of risk management framework, along with National Strategy for Information-Sharing, the public-private partnership (PPP) and the establishment of information sharing mechanism are highly estimated to ensure that the network of information security protection of critical infrastructure can be delicately interwoven together because plenty of important critical infrastructures in the U.S. still depend on the maintenance and operation of private sectors. 1.Cf. Luiijf, Eric A. M. , Helen H. Burger, and Marieke H. A. Klaver, “Critical Infrastructure Protection in the Netherlands：A Quick-scan”. In：Gattiker, Urs E. , Pia Pedersen, amd Karsten Petersen (eds. ) . EICAR Conference Best Paper Proceedings 2003, http://cip.gmu.edu/archive/2_NetherlandsCIdefpaper_2003.pdf （last accessed at 20. 07. 2009） 2.For each chapter of relevant legal cases, please visit http://academic.udayton.edu/health/syllabi/Bioterrorism/5DiseaseReport/USAPatriotAct.htm. The text regarding the definition of critical infrastructure is cited as "Critical Infrastructure Defined- In this section, the term “critical infrastructure” means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matter. " 1.Cf. Luiijf, Eric A. M. , Helen H. Burger, and Marieke H. A. Klaver, “Critical Infrastructure Protection in the Netherlands：A Quick-scan”. In：Gattiker, Urs E. , Pia Pedersen, amd Karsten Petersen (eds. ) . EICAR Conference Best Paper Proceedings 2003, http://cip.gmu.edu/archive/2_NetherlandsCIdefpaper_2003.pdf （last accessed at 20. 07. 2009） 2.For each chapter of relevant legal cases, please visit http://academic.udayton.edu/health/syllabi/Bioterrorism/5DiseaseReport/USAPatriotAct.htm. The text regarding the definition of critical infrastructure is cited as "Critical Infrastructure Defined- In this section, the term “critical infrastructure” means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matter. " 3.Introduction of Consumer Protection in Taiwan , Republic of China , Consumer Protection Commission (CPC), Executive Yuan.http://www.fas.org/irp/offdocs/nspd/hspd-7.html ( Last visit 2008/6/27 )The effective and innovative way to use the spectrum: focus on the development of the "interleaved/white space"
1. Prologue Flexible and collective usage of spectrum is the mainstream in the modern times. Julius Genachowski, chairman of the Federal Communications Commission, delivered the keynote address to the CTIA-Wireless Association convention on Oct. 7, 20091. He said the U.S. government has been tripling the amount of spectrum available for commercial uses. The problem is that many industry experts predict wireless traffic will increase 30 times because of online video and other bandwidth-heavy applications. Accordingly, he warned that the shortage of spectrum would be a crisis for the on-going evolution of mobile broadband communication. Therefore, it’s critical for using precious spectrum effectively. Now, with the breakthrough of ICT, there is an alternative solution to this crisis: "application of interleaved/white space". 2. The cure for shortage of the spectrum To solve the shortage and ineffective use of scarce spectrum, developed countries have innovated technology to overcome the dilemma. Accordingly, the cognitive radio (CR) network with OFDMA (Orthogonal Frequency Division Multiple Access)2 systems, namely "spectrum sensing", to use the interleaved/white space is the therapy nowadays, especially after digital switchover (DSO). CEPT (European Conference of Postal and Telecommunications Administrations) identified "white space" as a part of the spectrum, which is available for a radio-communication application (service, system) at a given time in a given geographical area on a non-interfering / non-protected basis with regard to primary services and other services with a higher priority on a national basis. Specified clearly, the wording of "White Spots" or "White Spaces" or "Interleaved Spectrum" applied by CEPT has been used to introduce a concept of frequency spectrum which is potentially available at a given time for further utilization within frequency spectrum originally planned for broadcasting in GE063. The current CEPT view is that any new white space applications should be used on a non protected non interfering basis. Further studies are required into the framework needed to enable the use of CR devices within white space spectrum. Meanwhile, Millions more — both rural and urban — couldn’t afford computers and internet access in the United States. Yet big telephone and cable companies won’t bring broadband internet to rural America. Therefore, U.S. administration takes it seriously and considers to bridge the "digital gap" via CR networks for using white space to high-speed wireless internet access in rural area. Moreover, innovative way to use the spectrum after DSO could also satisfy the demand of band immediately with National Broadband Plan which proposed by President Barack Obama. 3. The definition and function of "white/interleaved space" In a word, the spectrum licensed to commercial use or public safety is not always occupied totally all the time. Accordingly, some bands are vacant just like "white" or "interleaved". If communicators use these interleaved and fragmented bands temporally, the spectrum-usage will be more effective and the cost of the spectrum now we used will be much lower. Not only U.S but also UK regulator Ofcom has published a discussion document to explore the possibility of using interleaved spectrum to wirelessly link up different devices and offer enhanced broadband access in rural areas. The idea is based on the development of technology that could search for unoccupied radio waves between TV channels to transmit and receive wireless spectrum. Take DSO in U.S. for example, when TV goes digital in June, 2009, TV broadcasters will use only a small portion of the public airwaves they are allocated.4 This is because digital transmissions can be packed into adjacent channels, while analog ones cannot. This means that the band can be "compressed" into fewer channels, while still allowing for more transmissions, which could result in a kind of "white space" (or so-called digital dividend) mentioned above. In most rural areas, 60 to 70 percent of these digital airwaves will be vacant. It goes without saying that those bands will be idle, which will also increase the cost the spectrum-usage. However, the TV band can carry a broadband signal that penetrates buildings, travels great distances, and penetrates heavy foliage. If people could search the "spectrum hole", off course, with CR or DSA (Dynamic Spectrum Sensing), and then link up those unoccupied band for wireless communication, the compelling needs of spectrum will be eased. Most important of all, this innovative way fits the trend of collective and flexible spectrum usage in 3G/4G era. 4. The key to open "white space" Undoubtedly, the WSD (White Space Devices) is the key to open the new gate. FCC issues some R&O to test WSD for welcoming white space. On October 5, 2007, OET (the Office of Engineering and Technology) of FCC issued a public notice inviting submittal of additional prototype devices for further tests (Phase II). On February 24, 2010, OET selected Wilmington, North Carolina, for the test market for the DTV transition, and unveiled a new municipal Wi-Fi network, after a month of testing. OET permitted that TV Band has an 18-month experimental license.5 For the goal of "smart city", the network has used the white space made available by the end of analog TV transmission. Spectrum Bridge (a famous company devoted to working out WSD and solution to white space)6 has worked to make sure TV stations in the market do not receive interference (no interference issues have been reported), and the company hopes to do the same if similar service becomes nationwide. The "smart city" network will not compete with cell phone companies but will instead be used for "national purposes", including government and energy monitoring (i.e. Smart Grid). TV Band Network, made up of private investors, has put up cameras in parks, and along highways to show traffic. Other uses include water level and quality, turning off lights in ball parks, and public Wi-Fi in certain areas.7 This success has promptly encouraged those have eyed unlicensed band/devices for wireless broadband internet access, especially the White Spaces Coalition8. The White Spaces Coalition consists of eight large technology companies that originally planned to deliver high speed broadband internet access beginning in June 2009 to United States consumers via existing white space in unused television frequencies between 54-698 MHz (TV Channels 2-51). The coalition expects speeds of 80 Mbps and above, and 400 to 800 Mbps for white space short-range networking9. Therefore, the Coalition hasn’t only pushed FCC to free up the band, namely unlicensed-band approach, but also eagerly innovated the WSD and advanced IT technology (i.e. Geo-Location, CR, DSA, OFDMA and IEEE 802.2210 …etc. ) to promote the awareness of white space. 5. How to use the key to unlock the door ? First of all, Geo-Location technology is the threshold to use the white space. Geo-Location is the identification of the real-world geographic location of Internet-connected computers, mobile devices, website visitors or others. In avoidance of band-interference and public safety communication, users mustn’t interfere with the prior ones, or s/he couldn’t access the band via WSD. Thus, Geo-Location can assist WSD users, just like a beacon, to avoid the occupied band and keep them away from nearby transmissions. Second, a spectrum database that contains Geo-Location information about devices using the free channels in the radio spectrum and some strong database managers are needed. Frankly speaking, the original idea was that WSD would detect existing users and switch frequencies to avoid them, but that's technically dubious and hasn't been demonstrated to FCC's satisfaction. So the proposed solution requires devices to locate themselves then connect to a database which will allocate a frequency along with a timeout, after which the device will have to repeat its request. For example, the followings are the necessary information in the TV database. • Transmitter coordinates (latitude and longitude), • Effective radiated power (ERP), • Height above average terrain of the transmitter (HAAT), • Horizontal transmit antenna pattern (if the antenna is directional), • channel number, • Station call sign. In a word, in order to protect existing broadcasters, FCC mandated the creation of a Geo-Location database that details what spectrum is in use and where. Furthermore, the idea is that unlicensed broadband devices will tap this database before sending or receiving data, using the info in tandem with spectrum sensing technologies to avoid interference. Accordingly, White Spaces Database (WSDB) was introduced, a DB which would permit public access to register and discover devices and the frequencies used based on their location11. This database would be used in conjunction with local device discovery to avoid contention between devices. FCC has worried about that no one has ever run a radio system like this, so no one can really claim experience in the area (though most of the proposals try). The FCC commissioner Robert McDowell has raised an eyebrow at Google's request to serve as an administrator of a national database detailing the use of white-space spectrum. Google proposes the operation of a WSDB for at least five years, promising to "transfer to a successor entity the Database, the IP addresses and URLs used to access the Database, and the list of registered Fixed WSD" in case they cannot live up to it. Google does not plan to "implement per-query fees"12 , but they are considering a per-device fee. No decision has been made yet, but the FCC allows a WSDB administrator to charge such fees.13 Finally but innovating initially, it’s the Cognitive Radio system (CR). There are various definitions of CR. Herewith the paragraph 10 of the FCC 03-322 NPRM, the definition of Cognitive Radio could be specified as a radio that can change its transmitter parameters based on interaction with the environment in which it operates. The following figure shows how the Cognitive Radio System does work. Figure 1.Cognitive Radio System Let’s explain it more clearly and vividly. Imagine a radio which autonomously detects and exploits empty spectrum to increase your file transfer rate. Suppose this same radio could remember the locations where your calls tend to drop and arrange for your call to be serviced by a different carrier for those locations. These are some of the ideas motivating the development of cognitive radio. In effect, a cognitive radio is a software radio whose control processes leverage situational knowledge and intelligent processing to work towards achieving some goal related to the needs of the user, application, and network. Although cognitive radio was initially thought of as a software-defined radio extension (Full Cognitive Radio), most of the research work is currently focusing on Spectrum Sensing Cognitive Radio. In other words, the focus on CR has been switched into "DSA" (Dynamic Spectrum Access) nowadays.14 Therefore, some fellows replace Cognitive Radio with "Cognitive Systems" for accurate description.15 The following is the figure to show the function of DSA to detect "spectrum hole" that could be used as TV white space.16 Figure 2.The sensing of the spectrum hole "Digital dividend", one kind of interleaved/white space, has been viewed as precious band in Unite Kingdom, too. In U.K., its regulatory body, Ofcom, has also published a discussion document to explore the possibility of using these "dividend" to wirelessly link up different devices and offer enhanced broadband access in rural areas. Ofcom has predicted that could enable the use of the spectrum in this way would take at least three years to develop. Possible applications include mobile broadband, the transmission of home media such as photos from cameras to a computer wirelessly and the ability to control appliances in the home. Moreover, Ofcom firmly contended that if there was evidence that interference could be avoided, it would allow the use of interleaved spectrum without the need for individual licenses, the same as the FCC’s policy. However, local TV coalition United for Local Television (ULTV)17 has strongly criticized the Ofcom’s current proposal to appoint a band manager to "control" interleaved spectrum (and make it available to applications such as wireless microphones for special events) and to ensure that the spectrum is made available to local TV groups on fair, reasonable and non-discriminatory terms. According to current proposals, Ofcom’s "band manager" would be required to allocate spectrum to special event organizers on fair and non-discriminatory terms but not to local TV groups. ULTV has protested this unfair condition. In contrast, FCC has clearly issued the "2nd report" to mandate the bidder of upper 700 MHz D block should apply to fair and non-discriminatory terms. 6. Technological challenges for accessing white space In November 2008 the FCC issued an R&O on the unlicensed use of TV white space.18 The FCC regulated some vital requirements to rule the usage of TVWS in this document. These requirements impose technical challenges for the design of devices operating in TV white space spectrum, which brings new tough task for the innovation and production of WSD.19 These new rules provide an opportunity but they also introduce a number of technical challenges. The challenges require development of cognitive radio technologies like spectrum sensing as well as new wireless PHY and MAC layer designs. For example, the development of spectrum sensing techniques involves RF (Radio Frequency) design, robust signal processing, pattern recognition and networking protocols… etc. The choice of RF architecture is no longer merely a hardware issue, but will directly affect the upper layer performance. Furthermore, these challenges include spectrum sensing of both TV signals and wireless microphone ones, frequency agile operation, geo-location, stringent spectral mask requirements, and of course the ability to provide reliable service in unlicensed and dynamically changing spectrum.20 In addition, the FCC has strict out-of-band emission (OOBE) requirements to prevent interference with licensed transmissions in other channels. A detailed description of these out-of-band emission requirements and their impact on the transmission spectral mask for WSD is provided in Section VII of the R&O. Unfortunately, there are still other hurdles to be overcome. While the frequencies used by television stations do have a long reach and easily penetrate walls, it is important to remember that these signals are one-way communications, often broadcast from giant antennas at megawatts of power. For gadgets and computers, a much lower transmission power would be used, greatly decreasing the range of the White Space devices. So are we talking the Wi-Fi-like ranges here or 3G-like ranges? The National Association of Broadcasters has also questioned the ability of WSD to operate without interfering with television broadcasts. In addition, wireless microphones could be affected, although Google has proposed a "beacon" that could be utilized alongside existing wireless microphone equipment that would alert WSD not to operate on the same channel. Last but not least, how to ensure QoS of WSD users is implicit trouble. The Cognitive Radio system should provide that fast, robust, coordinated sensing and quite periods and to protect incumbents as well as provide QoS. It will be a dilemma faced by the regulatory bodies and ICT industry. Another real-world problem is that there are no WSD for consumers and even if someone comes out with a new product, it will likely be very expensive since it isn’t widely produced,21 although Spectrum Bridge has proven one example mentioned above. Nevertheless, some people still criticized what Spectrum Bridge has done probably could have used 5 GHz for the point-to-point backhaul connections. "The Smart City" is using Wi-Fi for the last mile rather than white spaces because there are no white space devices on the consumer end. Rick Rotondo, chief marketing officer for Spectrum Bridge argued Spectrum Bridge tried using Wi-Fi at 2.4GHz, 5GHz would never have made it; 2.4 didn’t make it. However, Spectrum Bridge did use Wi-Fi for the last hundred feet, not the last mile, but for the last hundred feet because there are Wi-Fi receivers built into laptops and smartphones and that’s who we wanted to be able to connect to this network. It sounds like a tautology. 7. What’s beyond the white space ? What kind of ICT could people apply to after getting the white/interleaved space? "Super Wi-Fi" is the first application connected with white space. As Larry Page, co-founder of Google, has described that white spaces are like "Wi-Fi on steroids" linked up wireless internet with much faster speeds, stronger signals and more affordable costs. Besides, there are other advanced ICT could function via white space, such as LTE, IPTV, MediaFLO, DVB-H, ISDB-T, MVNO, ITS (DSRC) and so on. 8. Vision: Legal challenges for accessing white space in Taiwan Although not mentioned above, FCC indeed allows the secondary-market of spectrum boosting in U.S. That’s an important reason, or motivation, to develop white space applications and regulations. In other words, the spectrum, not the license, could be auctioned, leased, retailed, weaved and so on. However, the regulatory mode of communication in Taiwan is "Vertical Regulatory Framework", which would be an obstacle to evolve the spectrum-usage in contrast to U.S and EU. Under the interpretation of Legal Positivism, Taiwan Budget Act Article 94 states, "Unless otherwise provided for by law, grant of quota, frequency, or other limited or fixed amount special licenses shall be conducted by open auction or public invitation to tender and the proceeds of which shall be turned in to the national treasury." Hereby, the administration could really fulfill the legal assignment via public invitation to tender or auction for the "license", not the band. Nevertheless, the administration does not apply auction process to issue the licenses, but approaches the frequency licenses with "Radio and Television Act" and "Administrative Regulations on Radio Waves" which is promulgated under the Telecommunications Act in accordance with the first paragraph of 48, Section 1 of said Act instead. Step closely, Radio and Television Act Article 4 firmly states, "The frequencies used by radio/television businesses are owned by the state and their allocation shall be planned by the MOTC in conjunction with the regulatory agency. The frequencies mentioned in the preceding paragraph may not be leased, loaned, or transferred. (emphasis added)". This article has resulted in inflexible use of spectrum, and dragged the collective use of spectrum, too. Undoubtedly, only we have to do is to amend the article for accessing white space in accordance with Legal Positivism. Second, according to Administrative Regulations on Radio Waves, the National Communications Commission shall be responsible for the overall coordination and regulation of radio waves including radio frequencies, power, emission method and radio station identification call sign etc., which shall not be used or altered without approval. Thus, under the justice of legal system, NCC should revise the spectrum policy/regulations in harmony with Administrative Regulations on Radio Waves. For example, the Article 6 and 10 separately regulates, "The radio equipment shall adopt the latest technical advances to limit the number of frequencies and the frequency bandwidth used to the minimum essential for the necessary services. The frequency assigned to a station of a given service shall be separated from the limits of the band allocated to this service in such a way that, taking account of the frequency band assigned to a station, no harmful interference is caused to services to which frequency bands immediately adjoining are allocated." Therefore, WSD indeed, even necessarily, should be applied to band management and revolution of ICT industry. Moreover, Central Regulation Standard Act Article 5 (embodied the principle of constitutional requirement of a specific enactment) also requires, "The following objects shall be stipulated by a statute: 1. It is required to stipulate by a statute as the Constitution or a statue expressly stipulated. 2. Stipulation concerns the rights or obligations of the people. 3. Stipulation concerns the organization of a government agency at national level. 4. Other objects with substantial importance shall be stipulated by a statute." The Legislative Yuan must consider to promote the status of Administrative Regulations on Radio Waves to Statue, which conforms to Constitutional requirement. To sum up, Taiwan administration should take white space seriously, or ICT in Taiwan will be doomed as if getting lost in "space". 9. ad hoc Conclusion :Do not lock the door of white space "Open access" is the most important canon in the usage of white space. In this meaning, there are two dimensions for open access. One is unlicensed band-usage, the other is unlicensed WSD which is also unlicensed and interlocks into different operators’ networks. The later is a big task in America. FCC’s decision was contested by the TV broadcasters who fear using the freed channels would interfered with TV signals and live singers who are using the same wave spaces.22 Larry Page also argued that unlicensed white spaces offer a way for the U.S. to catch up with the rest of the world in broadband access. Today, 10% of Americans still don't have access to DSL or cable broadband, according to consultancy Parks Associates. Fortunately, the first steps towards white space communications have already been taken and FCC has approved unlicensed use of the spectrum, but FCC requires a database of all known licensed users to be deployed in order to prevent from interfering with the existing broadcasts and devices already using the space, such as licensed TV broadcasts and some wireless microphones The second dimension is unlicensed WSD to compatible different network architecture. At first, the unlicensed devices must fit the criterion which could guarantee that they will not interfere with assigned broadcasts can use the empty white spaces in frequency spectrum. In order not to harm nearby transmission, the best way is to set a standard for WSD in one network built by certain operator. For example, if WSD users want to connect to Verizon Wireless’ network, s/he has to buy/use Verizon Wireless’ WSD. However, out of Verizon Wireless’ network, WSD users have to purchase/use another WSD. It will be inconvenient and raise the cost, but quench people’s desire to use WSD. As a result, FCC issued the R&O to prevent devices-locked, so-called "discriminatory QoS", from deploying the white space proposal. Accordingly, the mandatory rule indeed slows down the innovation of WSD. Obviously, unlicensed use of the vacant TV channels is an economic and social revival waiting to happen in rural areas. In addition, white/interleaved space will manage to fit the core principle of modern spectrum-development, "collective and effective use". There are so many merits to share the "dividend", but at this time, we are still far away the real "white space". The situation in Taiwan is much worse unfortunately. 1.See FCC official document,http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-293891A1.pdf (last visited 03/05/2010) 2.OFDMA is a multi-user version of the popular Orthogonal frequency-division multiplexing (OFDM) digital modulation scheme. Multiple access is achieved in OFDMA by assigning subsets of subcarriers to individual users. This allows simultaneous low data rate transmission from several users. 3.See Final Acts of the Regional Radio-communication Conference for planning of the digital terrestrial broadcasting service in parts of Regions 1 and 3, in the frequency bands 174-230 MHz and 470-862 MHz (RRC-06). 4.In the United States, the abandoned television frequencies are primarily in the upper UHF "700-megahertz" band, covering TV channels 52 to 69 (698 to 806 MHz). 5.See http://spectrumbridge.com/web/images/pdfs/smart_city-spectrumbridge.pdf visited on 2010/2/27. 6.http://spectrumbridge.com/web/ 7.See http://showmywhitespace.com/portals/1/Spectrum%20Bridge%20Launches%20White%20Spaces%20Network%20In%20Wilmington-New%20Hanover%20County.pdf visited on 2010/2/27. 8.The group includes Microsoft, Google, Dell, HP, Intel, Philips, Earthlink, and Samsung Electro-Mechanics. 10.The standardization is another crucial issue but will not be discussed in detail hereunder. 11.In February 2009, Google joined Comsearch, Dell, HP, Microsoft, Motorola, and Neustar to form the White Spaces Database Working Group (WSDG), an effort to build such a database.. 12.Actually, the database host will know where users are and the kit they're using, both of which are commercially valuable pieces of information. Google thinks that data will pay for the database, and Google is very good at extracting value from information; but even if it can't turn white space into gold, it will have five years to drive the competition out of business. 13.See generally Google’s proposal to FCC, http://www.scribd.com/doc/24784912/01-04-10-Google-White-Spaces-Database-Proposal visited on 2010/2/28. 14.Specifying clearly, the main mechanism of CR is including, but not limited to DSA. 15.Evolution of Cognitive Radio toward Cognitive Networks is under process, in which Cognitive Wireless Mesh Network (i.e. Cog-Mesh) is considered as one of the enabling candidates aiming at realizing this paradigm change. 16.Test conducted in the rural sector west of Ottawa, Canada. See C. R. Stevenson, G. Chouinard, W. Caldwell,Tutorial on the P802.22.2 PAR for :"Recommended Practice for the Installation and Deployment of IEEE 802.22 Systems," IEEE802, San Diego, CA, 7/17/06 http://grouper.ieee.org/groups/802/802_tutorials/july06/Rec-Practice_802.22_Tutorial.ppt. 17.United for Local Television ("ULTV") is a coalition of groups and campaigners who together lobby the government to recognize local TV as a public service. ULTV argues that all citizens should have access to local TV, no matter where they live, without having to subscribe to pay-TV or broadband. ULTV proposes that the government reserve capacity for local TV services on the most popular television platform in the UK today – digital terrestrial television (commonly known as "Freeview"). ULTV anticipates that local TV channels will provide local news and sport, together with a range of other local and networked programming. ULTV envisages local TV services would also provide local advertising, for the first time offering a cost-effective option for many local businesses seeking to advertise on terrestrial TV in their target market. 18.See Second Report and Order and Memorandum Opinion and Order In the Matter of Unlicensed Operation in the TV Broadcast Bands, Additional Spectrum for Unlicensed Devices Below 900 MHz and in the 3 GHz Band, Federal Communication Commission, Document 08-260, Nov. 14, 2008. 19.In detail, the FCC distinguished fixed WSD from portable one. There are different restrictions and requirements between them. 20.See http://ita.ucsd.edu/workshop/09/files/paper/paper_1500.pdf visited on 2010/2/20. 21.See http://www.digitalmediabuzz.com/2010/03/broadband-debate-white-space/ visited on 2010/3/17. 22.See http://lasarletter.net/docs/nabpet4review.pdf visited on 2010/2/25.The Research on Cybersecurity Risks in 5G network: Perspectives on Global strategy
The Research on Cybersecurity Risks in 5G network: Perspectives on Global strategy I. The characteristics of 5G and cybersecurity threats Compared to 4G, 5G adopts several new designs on the network architecture, such as software-defined networking (SDN), a baseband unit (BBU), logical disjunction, network function virtualization (NFV), and multi-access edge computing (MEC), to provide users with high-speed, low-latency and other quality services, as well as flexibility and expansibility to accommodate more emerging applications. According to the three key usage scenarios (see Figure 1) defined by the International Telecommunication Union (ITU), enhanced mobile broadband access (eMBB) provides high-volume mobile broadband services such as AR/VR or ultra-high-definition video. Massive machine type communication (mMTC) provides large-scale IoT services. Ultra-reliability and low latency communication (uRLLC) can be used for services that require low-latency and high-reliability connections, including unmanned driving and industrial automation. However, with 5G’s open, flexible and extensible design, as well as its coexistence with other 4G and 3G systems in the early stage of commercial operation, the cybersecurity threats facing 5G networks are more severe and diverse than the past mobile phone generations. At present, the known 5G cybersecurity threats mainly come from network functional components and connection interfaces among components, including the terminal device, access network, air interface, cloud virtualization, multi-access edge computing rental, core network, back-end/backbone network, roaming and external services, and so on. Source: ITU Figure 1Three key 5G scenarios by the ITU II. Cybersecurity strategy development in major countries 5G is not only one of the critical infrastructures, but also an important foundation for pursuing a digital nation, digital economy, the industrial 4.0, and for promoting industrial transformation for upgrading. However, different scenarios require different cybersecurity protection levels, which poses great challenges to both mobile network operators and service providers. Therefore, the construction of favorable environment for 5G development, the promotion of relevant applications and the development of innovative services and so on, have become the priority of governance in the countries around the world. 1. European Union (EU) Then European Commission President Jean-Claude Juncker noted in 2017 that “Cyber-attacks can be more dangerous to the stability of democracies and economies than guns and tanks…Cyber-attacks know no borders and no one is immune,” indicating the EU's high priority in the cybersecurity field. The "Digital Single Market," an important EU policy, lays the foundation for digital economy based on "cybersecurity, trust and privacy." In response to the loss of billions of euros a year in cyber attacks, the EU has taken a series of measures to safeguard and advance the development of the Digital Single Market. For the purposes of this strategy, the European Commission in 2018 came up with the policy of Resilience, Deterrence and Defence: Building strong cybersecurity for the EU,with the aim of improving the level of cyber security, cyber resilience and trust in the EU, and in June 2019 passed the Cybersecurity Act  with two highlights described as follows: (1) Strengthen the authority of the European Union Agency for Network and Information Security (ENISA)(see Figure 2), increase the allocation of human and financial resources to ENISA, as well as the preparation for the work items related to the cybersecurity industry, and reinforce cyber security support for EU member states. (2) Establish the EU cybersecurity certification framework.  In the European Union, where different cybersecurity certification schemes already exist, the absence of a common certification regime would increase the risk of fragmentation of the single market. For this reason, a set of technical requirements, standards and procedures are provided under this framework to assess whether information/communication products, services and processes are in compliance with security requirements. The certification program includes product and service categories, information/communication security requirements (e.g. reference standards or technical specifications), types of assessment (e.g. self-assessment or third-party assessment), levels of security, and so on. All member states agree that certification not only facilitate cross-border business transactions, but also enable consumers to better understand the security of products and services. Source: Compiled from the ENISA websit Figure 2 ENISA organization and authority strengthening 2. the United States (U.S.) In consideration of cyber security affairs in the country, the US Department of Homeland Security (DHS) in May 2018 unveiled the "Cybersecurity Strategy," which focused on the objectives and priorities of the U.S. government in future cybersecurity protection, identifying and managing national cybersecurity risks with the overall risk management approach, and addressing security threats to the country, critical infrastructures and private enterprises, as well as preventing cybercrimes. Then the White House in September 2018 released the National Cyber Strategy of the United States of America,  based on the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure  issued in May 2017, stating the strategy and position of the United States against the threat of cyber- attacks. The strategic goal aimed to, by safeguarding cybersecurity, protect the American people, the homeland, and the American way of life, to build a secure digital economic environment, to promote American prosperity, and strengthen cooperation with partners to deter malicious cyber attackers, so as to maintain peace and security, and continue to expand U.S. influence. The department in July 2019 published the Digital Modernization Strategy  to announce its national defense strategy in the digital environment, including the use of cybersecurity, AI, cloud computing, blockchain and other technologies in information security protection to create a more secure, coordinated and efficient platform and improve the security of intelligence transmission and processing. 3. Canada Public Safety Canada in June 2018 released the National Cyber Security Strategy,  with the vision of a sustainable, robust cybersecurity environment, innovation and prosperity. Through international cooperation and a domestic public-private partnership, the department has been working on three goals: 1. cyber security and resilience (to reduce cybercrime and ensure Internet privacy; 2. Internet innovation (to create a friendly environment for the development of cybersecurity startups); 3. government leadership and cooperation (to transfer government-owned cybersecurity knowledge to the private sector and set up a cybersecurity governance framework). The Canadian government also attaches great importance to critical infrastructure. In May 2018, the National Cross Sector Forum 2018-2020 Action Plan for Critical Infrastructure  was unveiled to facilitate information sharing between public and private partners through sharing and protecting intelligence, and implementing a full risk management approach. Moreover, Public Safety Canada in April 2019 issued a report called Enhancing Canada’s Critical Infrastructure Resilience to Insider Risk, which provided guidelines and suggestions for action on internal risks in critical infrastructure organizations. 4. Singapore The government of Singapore in 2018 promulgated the Cybersecurity Act,  which aimed to fulfill the vision of a Smart Nation by enacting and putting into effect cybersecurity regulations to achieve the goal of a resilient infrastructure and a more secure cyberspace, and to strengthen the protection of critical information infrastructure against cyber-attacks. The Cyber Security Agency of Singapore (CSA) was given the authority to prevent and respond to cybersecurity threats, and to set up a system for sharing security information, as well as a light-touch licensing system for cybersecurity service providers. The Government of Singapore has appointed a Commissioner of Cybersecurity responsible for promoting domestic cybersecurity policy. To safeguard Singaporeans from cybersecurity threats,  the government particularly laid down cybersecurity threat or incident response provisions in Chapter 4 of the Cybersecurity Act to empower the Commissioner of Cybersecurity to investigate cybersecurity threats and incidents, such as requiring the parties to the incidents to present statements in person or in writing, producing documents or provide information and so on. 5. Australia The Australian government in 2016 proposed a four-year "Australia's Cyber Security Strategy," which was expected to invest more than 230 million Australian dollars to strengthen Australia's cyber security capability and complete the following five aspects: national cyber partnership, strong cyber defenses, global responsibility and influence, growth and innovation, and a cyber smart nation. As for the global responsibility and influence, the Australian government in 2017 announced the "Australia's International Cyber Engagement Strategy." which aims to strengthen digital trade, to improve cybersecurity and to response to cybercrime through international cooperation; encourage innovative cybersecurity solutions; provide security advice and best practices, such as Essential Eight strategies to mitigate cyber-attacks; establish the Pacific Cyber Security Operational Network (PaCSON)  with neighboring countries to develop regional cybersecurity capabilities; and advance the development of Australia's cybersecurity industry, nurture startups and attract foreign investment. III. Cybersecurity strategy to promote 5G in Taiwan Since President Tsai Ing-wen took office in 2016, she declared that cybersecurity is directly linked to national security. In 2017, the Department of Cyber Security (DCS) under the Executive Yuan issued "National Cybersecurity Development Plan (2017-2020)," and in 2018 the "Cybersecurity Industry Development Action Plan (2018-2025)," in order to enhance the independence of Taiwan's cybersecurity industry, consolidate the nation’s cybersecurity defense line, improve its innovative thinking of cyber security, and further promote it to the international market. To develop a favorable environment to promote 5G, the Executive Yuan on May 10, 2019 approved the “Taiwan 5G Action Plan (2019-2022),”  with a total investment about NT$20.466 billion over a four-year period. The plan aims to build a 5G application and industrial innovation environment, and reshape Taiwan's mobile communication industry ecosystem, with its content planned around five themes, including "promoting 5G vertical application field demonstration", "building 5G innovation and application development environment," "completing 5G technology core and cybersecurity protection capabilities," "planning to release 5G frequency spectrums in line with overall interests" and "adjusting laws and regulations to create favorable environment for 5G development," and to promote industrial upgrading and transformation, as well as create the next wave of economic prosperity in Taiwan. Secure, robust and reliable 5G systems are sufficient and requisite conditions for building an innovation ecosystem in digital countries. The third theme of the "Taiwan 5G Action Plan" is to "complete 5G technology core and cybersecurity protection capabilities," which is intended to advance the integration of applied science and technology by establishing advantageous core technologies, set up a 5G technology and test platform, and increase the market competitiveness of 5G industry, while drafting the overall national policies on 5G cybersecurity, building the cybersecurity protection mechanism of 5G homemade products, strengthening 5G critical infrastructure and operational cybersecurity protection capabilities, and promoting domestic suppliers to enter the international 5G reliable supply chain. In terms of strengthening 5G critical infrastructure and operational cybersecurity protection capacities, the NCC has planned a four-year (2019-2022) "5G Network Cybersecurity Protection and Related Regulations Preparation Plan." In coordination with a 5G license issue in 2020, the agency in 2019 added/amended the 5G cybersecurity provisions of the Regulations for Administration of Mobile Broadband Businesses, making it mandatory for the winning bidder of the 5G frequency spectrum to incorporate the cybersecurity protection concept into the system design for system construction. Upon commercial operation of 5G, the NCC will audit from time to time the implementation of the cybersecurity maintenance plan by telecom operators, so as to ensure and reinforce the cybersecurity protection system of Taiwan's 5G telecom network, and create an opportunity for the development of 5G homemade products with cybersecurity protection capability. In addition, the NCC will also face up to the fact that 5G technology standards continue to evolve, and the operators have different construction schedules and heterogeneous mobile networks coexist. Therefore, relevant regulations will continue to be completed from 2020 to 2022, and examples will be verified through cybersecurity function testing laboratories to ensure that cybersecurity protection functions of 5G networks keep pace with the times. IV. Conclusion and Suggestion As for emerging technologies, countries around the world are actively evaluating and constructing 5G systems and services. Taiwan boasts excellent industrial advantages in terms of semiconductors, ICT software and hardware, and high-quality talents, and thus makes a foundation for developing 5G. Furthermore, going with the importance of cybersecurity, it is necessary to pay more attention to planning and developing 5G cybersecurity technology. It is clear that the development of cybersecurity is both a challenge and an opportunity for Taiwan. In order to implement the national policy objectives of "cybersecurity is national security" as well as "innovative economic development programs for a digital nation," and to response to the scientific and technological progress, and the demand for cybersecurity, key development direction is proposed to expedite the establishment of 5G cybersecurity protection. Reference: Resilience, Deterrence and Defence: Building strong cybersecurity in Europe, European Commission, https://ec.europa.eu/digital-single-market/en/news/resilience-deterrence-and-defence-building-strong-cybersecurity-europe The draft Regulation of The European Parliament And of The Council on ENISA, the "EU Cybersecurity Agency", and repealing Regulation(EU)526/2013, and on Information and Communication Technology cybersecurity certification(''Cybersecurity Act'') was published in September 2017 to expand the rights and obligations of ENISA, which would make ENISA the EU's cybersecurity and information competent authority and the authority for critical infrastructure (information) facilities after the passage of the Act. Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2019.151.01.0015.01.ENG&toc=OJ:L:2019:151:TOC The EU cybersecurity certification framework, European Commission, https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-certification-framework Cybersecurity Strategy(2018), DHS, https://www.dhs.gov/sites/default/files/publications/DHS-Cybersecurity-Strategy_1.pdf National Cyber Strategy of the United States of America(2018), The White House, https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf THE WHITE HOUSE, Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, The White House, https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/ DoD Digital Modernization Strategy, DoD, https://media.defense.gov/2019/Jul/12/2002156622/-1/-1/1/DOD-DIGITAL-MODERNIZATION-STRATEGY-2019.PDF National Cybersecurity Strategy, Public Safety Canada, https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/index-en.aspx National Cross Sector Forum 2018-2020 Action Plan for Critical Infrastructure, Public Safety Canada, Public Safety Canada, https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/pln-crtcl-nfrstrctr-2018-20/index-en.aspx#a02 The action plan is a three-year program under Canada's2010 National Strategy for Critical Infrastructure (National Strategy) starting in 2010 for all phases. Enhancing Canada’s Critical Infrastructure Resilience to Insider Risk, Public Safety Canada, Public Safety Canada, https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/nhncng-crtcl-nfrstrctr/index-en.aspx Cybersecurity Act 2018, Singapore Statutes Online, https://sso.agc.gov.sg/Acts-Supp/9-2018/ Cybersecurity Act, CSA, https://www.csa.gov.sg/legislation/cybersecurity-act Id. Cybersecurity Act Explanatory Statement, https://www.csa.gov.sg/~/media/csa/cybersecurity_bill/cybersecurity%20act%20-%20explanatory%20statement.pdf Australia’s Cybersecurity Strategy, https://cybersecuritystrategy.homeaffairs.gov.au/ What is the Government doing in cybersecurity, Ministers for the Department of Industry, Innovation and Science, https://www.industry.gov.au/data-and-publications/australias-tech-future/cyber-security/what-is-the-government-doing-in-cyber-security Australia’s International Cyber Engagement Strategy, Department of Foreign Affairs and Trade,https://www.dfat.gov.au/sites/default/files/DFAT%20AICES_AccPDF.pdf Essential Eight Explained, ACSC, https://www.cyber.gov.au/publications/essential-eight-explained Pacific Cybersecurity Operational Network(PaCSON), https://dfat.gov.au/international-relations/themes/cyber-affairs/cyber-cooperation-program/Pages/pacific-cyber-security-operational-network-pacson.aspx Or Strengthening cybersecurity across the Pacific, ACSC, https://www.cyber.gov.au/news/pacific-islands PaCSON is comprised of 15 members, including Australia, Fiji, Marshall Islands, New Zealand, Papua New Guinea, Samoa, and Solomon Islands. Taiwan 5G Action Plan, Executive Yuan,https://www.ey.gov.tw/Page/5A8A0CB5B41DA11E/087b4ed8-8c79-49f2-90c3-6fb22d740488Introduction to Critical Infrastructure Protection
The security facet of cyberspace along with a world filled with CPU-controlled household and everyday items can be examined from various angles. The concept of security also varies in accordance with different stages of national conditions and industrial development in different nations. As far as our nation is concerned, the definition of security industry is "an industry offering protection for human bodies, important infrastructure, information, financial system, as well as offering equipment to defend the security of national lands and the service"1 as initially defined by "Security Industry Program Office." Judging from the illustration of the definition, the security industry should be inter-disciplinary and integrative, which covers almost all walks of life and fields, such as high-tech industrial security management, traffic & transportation security management, fire control and prevention against natural calamities, disaster relief, information security management, security management in defense of national borders, and prevention of epidemics. After the staged mission, "e-Taiwan program", was accomplished in 2007, our government hoped to construct a good surrounding by creating a comfortable life from a user’s point-of-view. This was hoped to be achieved by using "the development of a high-quality internet society" as a main source by using innovative services, internet convergence, perceptive environment, security, trust, and human machine linkage. At the Economic Development Vision for 2015: First-Stage Three-Year Sprint Program (2007~2009) formulated by the Executive Yuan, wireless broadband, CPU computer-controlled items all have become part of our every day lives, and healthcare, along with the green industry are listed as the next emerging industries; whereby the development of relevant critical technologies is hoped to be promoted to create higher industrial values and commercial opportunities. However, from a digitally-controlled-life viewpoint, the issue concerned by all walks of life is no longer confined to the convenience and security of personal life but gradually turns to protection of security of a critical infrastructure (CI) run by using information technology. For instance, finance management, stock market, communication network, harbors and airports, high speed rail, R&D of important technology, science parks, water purification facilities, water supply facilities, power, and energy facilities. 2Because security involves resources related with people's most fundamental living needs and is the most elementary economic activity of the society, it is regarded as an important core objective to promote the modern social security system. Therefore, critical infrastructure protection requires more dependence on information and communication technology to maintain the stability of finance and communication, as well as the security of facilities related with supply and economy of all sorts of livelihoods in order to ensure regular operation. With the influence of information and communication technology on the application of critical infrastructure on the increase, the society has increasingly deepened its dependence on the security of our cyber world. The concept and connotation of information security also keep extending with it toward the aforementioned critical infrastructure protection planning, making critical information infrastructure protection (CIIP) and critical infrastructure protection (CIP) more inseparable in concept3 , and becomes an important goal of policy implementation to achieve the vision of a digital lifestyle which is secure for every nation. In recent years, considerable resources have been invested to complete an environment whereby a legal system of “smart lifestyle” is developed. However, what has been done for infrastructure protection continues to appear as not being comprehensive enough. This includes vague definitions, scattered regulations and policies, different protection measures taken by different authorities in charge, obvious differences in relevant risk management measures and in the magnitude of management planning of information security and so on. These problems all influence the formation of national policies and are the obstacles to the promotion of relevant industrial development. In view of this, the 2008/2009 International CIIP Handbook will be used as the cornerstone of research in this project. After the discussion on how critical infrastructure protection is done in America, Germany and Japan, the contents of norms of regulations and policies regarding critical infrastructure protection in our nation will be explored to make an in-depth analysis on the advantages and disadvantages of relevant norms. It is hoped to find out what is missing or omitted in the regulations and policies of our nation and to make relevant amendments. Suggestions will also be proposed so that the construction of a safe environment whereby the digital age of our nation can be expanded to assist the “smart lifestyle” to be developed further. 1.See http://tsii.org.tw/modules/tinyd0/index.php?id=14 (last visited May 24, 2009) 2.For "2008 International Conference on Homeland Security and Application of Technology in Taiwan ~ Critical Infrastructure Protection~", please visit http://www.tier.org.tw/cooperation/20081210.asp (last visit date: 05/17/2009). 3.For critical infrastructure protection, every nation has not only proceeded planning for physical facilities but put even more emphasis on protection jobs of critical information & communication infrastructure maintained via the information & communication technology. In the usage of relevant technical terms, the term "critical infrastructure" has also gradually been used to include the term "critical information & communication infrastructure". Elgin M. Brunner, Manuel Suter, Andreas Wenger, Victor Mauer, Myriam Dunn Cavelty, International CIIP Handbook 2008/2009, Center for Security Studies, ETH Zurich, 2008. 09, p. 37.