Center for Assurance Research and Engineering

Chih Ho Chou, Section Chief, The Department of Cyber Security, Executive Yuan, Government of Taiwan Visits Mason; Researches Similarities and Differences in Approach to Cyber Security Legislation and Policy Between Taiwan and the U.S. with JP Auffret

Join CARE Mailing List

On January 1, 2019, Taiwan’s executive branch of government began implementing the Cyber Security Management Act which was enacted by the President on June 6, 2018 and passed by the Legislative Yuan in May 2018. Chih Ho Chou’s time at Mason will contribute to his work on this task force implementing the Act. He will also study, review, compare, and contrast U.S. and Taiwan strategies and approaches to cybersecurity governance related the Act which he must implement. In addition, he will research the cybersecurity strategy and laws in the U.S., and try to compare with Taiwan.

We sat down with Chih Ho Chou and asked him some questions:

Q: What will you be working on and doing while you are at Mason?

A: To effectively reduce and control government agencies’ cyber security risks, the Taiwan government has strengthened cybersecurity governance. We started instructing government agencies on how to introduce the cybersecurity governance maturity assessment model in 2014 in order to evaluate the effectiveness of the cybersecurity governance in the organizations. As of the end of 2016, ten government agencies have held trial runs of the model. In the future, we will not only actively facilitate all government agencies to adopt the cybersecurity governance maturity model and regularly conduct self-evaluation, but we also aim to establish evaluation mechanisms by third parties for government agencies. Through a fair judgement of third parties, all agencies will be guided to enhance their cybersecurity governance to move toward established, predictable, and even innovating organizations.

In addition, the “Cyber Security Management Act” was promulgated on June 6, 2018, with six regulations (Enforcement Rules of Cyber Security Management Act, Regulations for Classification of Cyber Security Responsibility Levels, Regulations for Reporting and Responding Cyber Security Incidents, Regulations for Inspecting Implementation Status of Non-official Agencies’ Cyber Security Maintenance Programs, Regulations for Sharing Cyber Security Information, Award and Punishment Regulations on Cyber Security Affairs for the Public Servants of the Public Official Agencies). The Act was officially implemented on January 1 2019. Subsequently, we need to focus on how it works in practice in Taiwan.

Q: How will your time here at Mason help with your work?

A: As the Internet becomes both faster and more dangerous, it is important to create pre-protect and post-protect mechanisms for the whole system. The goal that I’d like to achieve is to always remain on the cutting edge of cybersecurity defense, both technically and policy-wise. Mason offers me a very good research environment. There are plenty of research resources. Professor J.P. also provides me with some valuable advice on my research.

Q: Please share with me a quote about what this time at Mason has meant to you?

A: My motto of learning is simple, to “practice what you preach.” I always seek to be the first in line to face problems and to think of strategies to overcome the overwhelming pressure before my team. In academia, if I did not guide my students on how to conduct their research, I would find them being like ants scurrying around the base of the tree in bewilderment. In my role in government, I take great risk and responsibility to solve every problem to make people feel safe, draw them into a circle of trust. I want to continually empower myself to learn how to discover potential threats, face problems with courage and come up with better strategies and solutions for every single task.
As Ghandi said, we need to “Be the change that we wish to see in the world.”

Q: What were you working on in your country?

A: Since Aug. 2016, I have been the Section Chief in the Department of Cyber Security, Executive Yuan, Government of Taiwan. During the past five years, my main job is to develop and promote the cybersecurity related plans and strategies, including Cybersecurity Management Act, cyber offensive and defensive exercise (CODE), cybersecurity risk management, cyber security audit program, cyber security incidents report and defense mechanism, critical information infrastructure protection (CIIP), cyber security united defense mechanism (security operation center, computer emergency response team, information sharing and analysis center), government configuration baseline (GCB) and so on.
Q: What will you bring back to your home country from this time in the US at Mason?

A: As the person of section chief who leads the team in the Department of Cyber Security, Executive Yuan, Taiwan, I believe the accomplishment of my learning can steer to fruitful results. The foreseeable projects that I am working on are Promotional Proposal for National Cyber Security Program of Taiwan 2021-2023, The Cyber Security Flagship Project – Critical Information Infrastructure Protection, Cyber Security Management Act Review, and Cyber Security Policy White Paper. The knowledge and qualities I will gain in the US at Mason will be indispensable in helping me to take a lead and implement on my work.