1. Smart sustainable development plan
In recent years, due to the increase in rainfall variability, there have been many water shortage crises in Taiwan. After CTSP Bureau's assessment, in 2021, 'average rainfall change and water resources pressure' was listed as a major climate change risk, and various water resources response plans were implemented by the Construction Management Division.
In order to immediately identify and respond to various potential risk impacts, the bureau has introduced forward-looking technology into the intelligent management of the park, and used information and communication technology (ICT) to build intelligent disaster prevention and water regime systems, earthquake early warning systems, and update the pipeline drawings of the park to the database of the geographic information system, hoping to minimize losses when disasters come. From 2022 to 2023, CTSP Bureau continued to provide the maintenance service of water emotion measurement Internet of Things, connecting observation and forecast information, and matching with existing water nformation, updating the current water situation and future water situation prediction in the adjacent areas of the park hour by hour. In addition, CTSP Bureau has set up seismic data acquisition and information transmitter of seismic sensors in each park, and set up an integrated communication group of seismic information to present earthquake magnitude and acceleration information in real time when an earthquake occurs, so as to improve the disaster control and emergency response efficiency of CTSP Bureau's units and personnel in charge of earthquake disaster early warning and prevention.
2. Joint protection of information security
Through intelligent systems, we improve the resilience of the park, including intelligent disaster prevention and water information systems, earthquake early warning ystems, and real-time updating of water information and earthquake information to reduce the losses in potential risk shocks. On the other hand ,with the continuous innovation of network technique and technology, the introduction of digital information system can break the time and space constraints and help organizations improve their operational efficiency. With the increasing risk of information security, CTSP Bureau, as a government agency, passed the information security verification of ISO 27001:2013 many years go, and added the privacy information management system of ISO 27701 :2019 in 2022. In addition, we regularly implement security measures such as security inspection, security and health inspection, security threat detection and management mechanism of Infocomm, government configuration benchmark, security weakness notification mechanism of Infocomm, internal information security and social engineering education and training according to the matters to be done in Infocomm Security Management Law, and continue to update software and hardware equipment to implement relevant information security protection. In the last three years, there has been no leakage of important information in his bureau. We also continue to cooperate with the Executive Yuan to promote various information and communication security management operations, and the co-construction omputer room of NSTC and its three parks (HSP, CTSP and STSP) is also built in CTSP, which is under the responsibility of the project maintenance team, and the information security control measures are also implemented as required, hoping to provide perfect and safe information services for the three parks.
The Science Park Information Sharing and Analysis Center (SP-ISAC) is planned and promoted by NSTC and belongs to HSP, CTSP and STSP. Through:
(1) Early warning: research and analysis of sharing information and international information and security technology from time to time.
(2) Strengthen the internal security management and protection energy in the park: provide technical training, personnel training, seminars and meetings, and assist security drills.
On September 20, 2023, SP-ISAC held the APT (Advanced Persistent Threats) attack detection and protection course. According to the development trend of APT-related information security, it introduced the use of various common knowledge in the practical environment, built basic security defense technology based on background knowledge, and added various new application services as the technical core. In order to focus on the defense field of APT and reduce the risk of APT, it is necessary to implement vulnerability scanning, so as to assist enterprises to find vulnerabilities at the first time, and take immediate steps to fix vulnerabilities and curb hackers.
Protection objectives such as assisting in improvement and emergency response: grasp the overall real-time situation through the feedback of information on security idents and network security threats from the manufacturers in the park, and release the information on security threats (such as information on product and equipment security vulnerabilities and blacklist of attack threats) to other manufacturers in the park to achieve joint defense.
