1 . 1.Stay a step ahead of detected and undetected cyberthreats and stop them in their tracks with threat prevention, detection and response capabilities.
Regarding the implementation of proactive cyber security measures to prevent and monitor the risk of cyber threats, the Office shall comply with the following criteria:
1.1 act and cooperate or assist in preventing, coping with, and mitigating the risks of Cyber Threats, especially Cyber Threats that affect or occur in relation to the Critical Information Infrastructure;
1.2 make agreements and cooperate with organizations or institutions both in the country and in foreign countries for the operation in accordance with the duty and power of the Office, upon receiving approval from the Committee;
1.3 monitor the risk of occurrence of Cyber Threats, follow, analyze, and process information in relation to the Cyber Threats and the alerts on the Cyber Threats;
1.4 study and research necessary information required for Maintaining Cybersecurity, in order to prepare recommendations on measures for Maintaining Cybersecurity, including providing relevant agencies with training and practice for coping with the Cyber Threats;
1.5 act as central point of collection and analysis of data regarding Maintaining Cybersecurity of the country, and disseminating the information related to cybersecurity risks and incidents to Government Agencies and private organizations;
1.6 strengthen the knowledge and understanding in Maintaining Cybersecurity, including to create awareness of the incidents regarding the Cyber Threats in order to have a practical operation in a manner that is integrated and up-to-date;
1.7 In the case there is or may be a Cyber Threat to an information system that is under the responsibility of a Government Agency or an Organization of Critical Information Infrastructure, the Office may perform the following:
(1) gather information, or relevant documentary evidence, witness, material evidence to analyze the situation, and evaluate the effects from Cyber Threats;
(2) support, assist, and participate in the prevention, coping with, and mitigation of risks from Cyber Threats;
(3) facilitate in coordinating between relevant Government Agency and private organization to deal with risks and incidents related to cybersecurity;
(4) prevent Cybersecurity Incidents which occurred from Cyber Threats, suggest or issue an order to use the solution system to maintain cybersecurity, including finding the approach for countermeasure or solution regarding cybersecurity;
For the benefit of acting according to the duties and powers, the Office shall establish a central point of contact in order to stay connected with Government Agencies and private organizations.
2. Investigate and respond to a detected security incident by leveraging capabilities such as incident triage, incident response, threat intelligence curation and management, compliance monitoring and management.
Regarding the implementation of reactive cyber security measures when cyber threats arise, the Offcie shall comply with the following criteria:
2.1 act as the central coordinator between the institution regarding Maintaining Cybersecurity of Government Agencies and private organizations, both in the country and in foreign countries in preventing, coping with, and mitigating the risks at Cyber Threats;
2.2 prescribe the level of Cyber Threats including the details of the measures to prevent, cope with, assess, suppress, and suspend the Cyber Threats at each level;
2.3 Monitor the responding process to cyber threats and evaluate the effects from the Cyber Threat;
2.4 When it appears to the Supervising or the Regulating Organization, or when the Supervising or the Regulating organization is notified of an incident, the Supervising or Regulating Organization shall perform the following:
(1) support and grant assistance to the Government Agency or Organization of Critical Information Infrastructure under the supervisor or regulation and cooperate and coordinate with the Office to prevent, cope with, and mitigate the risks from the Cyber Threat;
(2) assist the organizations in building and achieving cyber resilience;
(3) regulate the undertaking of the national coordinating agencies for the security of computer systems and the incident response and computer forensic science;
2.5 prepare an annual report to be submitted to the Committee and shall disclose the annual report to the public;
For the benefit of the operation of the Office, NCERT shall prepare a summary report of undertakings of Maintaining Cybersecurity that have significant effect, or the approach for developing the standard of Maintaining Cybersecurity.
3. Enforce legal safeguards to ensure the security of cyberspace.
The policy and plan on Maintaining Cybersecurity shall at least contain the following objectives and approaches:
3.1 creation of awareness and knowledge in Maintaining Cybersecurity enhance, support, and act in order to disseminate knowledge regarding;
3.2 Maintaining Cybersecurity, and provide trainings to enhance the skills and expertise in performing duties in relation to Maintaining Cybersecurity;
3.3 When it appears to the Supervising or the Regulating Organization, or when the Supervising or the Regulating organization is notified of an incident, the Supervising or Regulating Organization shall perform the following:
(1) support and grant assistance to the Government Agency or Organization of Critical Information Infrastructure under the supervisor or regulation and cooperate and coordinate with the Office to prevent, cope with, and mitigate the risks from the Cyber Threat;
(2) assist the organizations in building and achieving cyber resilience;
3.4 In order to perform the duties in accordance with this Act, the Official shall have the following duties and powers:
(1) set out codes of practice and minimum standards for cybersecurity in the public and private sectors relating to CII, including risk assessment and mitigation plans against cyber threats;
(2) Determine the policy and implementation guidelines in form of phases by using the Capability Maturity Model (CMM) as a tool;
(3) Set up a service quality management system to monitor performance and continually improve operations in order to meet the targeted performance;
(4) Stipulate processes and procedures including the necessary tools to support services such as threat recording, ticketing system, and workflow management system;
3.5 Carry out activities in collaboration with public and private agencies, both in the country and in foreign countries in regarding to quality management for maintaining cyber security;
For the benefits of monitoring, preventing, and mitigating the risks of Cyber Threats, NCERT shall support and grant assistance to organizations in order to maintaining Cybersecurity of the country or perform any other task as specified under this Act or as assigned by the Committee.