International Organization Stakeholders

International stakeholders acknowledge TWNIC's attentive long-term planning for its business in the past. They suggest that TWNIC does not need to address all issues but should continue to focus on challenges related to its core business. After the CERT/CC transition, there should be a continuous bolster the cybersecurity framework for the Internet Service Provider (ISP) to maintain cybersecurity of TWNIC's core business. Additionally, in response to the increasingly complex demands of domestic internet governance, stakeholders recommend more involvement in the policy domain, demonstrating the value of a multi-stakeholder internet governance model in Taiwan.

I think this survey that's being done now is a really good example of how you really, in this non-profit environment, you really need to kind of take the time to understand what people think and to take advice and to plan over a longer period.

TWNIC shouldn't try to cover everything for everyone. That would be a mistake. But the sort of the challenges or the questions that relate to TWNIC's core business will keep increasing. …they just will need to keep responding to that sort of demand for more engagement with policies in Taiwan.

I think that's an opportunity there as well for things to move forward, maybe even for Taiwan to, and this would be with TWNIC as a participant, for Taiwan to present models of multi-stakeholder internet governance at the Taiwan level that others could also learn from.

Furthermore, international stakeholders acknowledged TWNIC's active participation in international discussions and collaborations through a multi-stakeholder model of internet governance communities, even amidst geopolitical challenges. TWNIC's efforts raise its international profile and create more collaboration opportunities.

So I think TWNIC is already taking that action anyway by actively participating in a lot of these multi-stakeholder model type IG spaces. So I think continuing doing that would be good. Just sharing their voices and input.

International stakeholders also encourage TWNIC to provide assistance to other countries as much as possible, even with the risk of increased costs, as it would enhance TWNIC's importance and clarify Taiwan's international role.

And hopefully also, maybe there are opportunities for TWNIC to help internationally where there are countries that are interested in having help in this area from Taiwan, that there would be opportunities on that level if TWNIC wished to increase its international profile in those sorts of cases.

I think the costs of doing that work properly are going to continue increasing, but they only also make TWNIC more important and give it a better profile and a clearer role in Taiwan, I think.

Stakeholders mention that while IPv6 is not a new topic, it still needs continuous promotion. The global deployment trend of IPv6 is ongoing and has reached approximately 40%. Stakeholders urge to view IPv6 as an ongoing challenge and caution against automatic assumption that the growth will continue merely because it has reached 40%.

IPv6 as a global trend is continuing to be deployed. It's not going to be done until it reaches 100% of deployment.

So I think we need to continually treat IPv6 as a constant present challenge and not something that just because we've hit 40%, it's going to just keep growing automatically. I think we need to be more smart and kind of careful than that.

Despite potentially lacking the appeal of newer projects, IPv6 remains an important priority. Stakeholders recommend the ongoing support for IPv6 deployment, training, and capacity building in Taiwan, as well as participating in relevant international cooperation opportunities.

So I'd put IPv6 on the priority list and just suggest not to forget the priority that it still is to keep supporting deployment, to keep supporting training and capacity building in Taiwan.

Stakeholders acknowledge the past technical contributions of TWNIC in Internationalized Domain Names (IDN), demonstrating a spirit of bilateral and multilateral collaborative. Stakeholders expect continued promotion of IDN usage in Taiwan to facilitate internet access for those unfamiliar with English, while also preserving local languages and culture.

In terms of the technical layer, how we can put in domain names in Chinese language, for all those works, TWNIC is heavily involved, which is great. But I guess promoting the use of IDNs, we can definitely work better together.

Additionally, stakeholders point out that the Taiwanese internet community is interested in the next round of new Generic Top-Level Domain (gTLD) applications. They suggest that TWNIC closely monitor developments to understand the commencement of the application period within the next two to three years.

There's something called the next round of new gTLD applications. So maybe, I think what I heard is there are Taiwanese community that's interested. So I guess looking out for that progress is also important for the Taiwanese community because in general now we are about two to three years away from the next round of opening. So they would probably want to kind of keep an eye on the progress so that they know roughly when they could look into applications.

Focusing on TWNIC's core business after transferring the CERT/CC business

Following the transfer of the CERT/CC business, stakeholders expect TWNIC to strengthen its core service principles, emphasizing the professionalism and performance of its core business, and ensuring vigilant monitoring and maintenance of DNS security measures.

Then TWNIC would be able to focus on its existing business

Therefore, TWNIC has set up a cybersecurity system for DNS; that is, it focuses on reinforcing DN security. If TWCERT/CC doesn't undertake this task, then TWNIC must be responsible for the task.

It's good as long as they hold true to the service purpose stated in Article 2 of their endowment charter. If there is any help MODA needs from TWNIC in their policies, we can help them with what they can do without going beyond the scope of their service purpose.

Integrating the intelligence platform, and service strength of the public and private sectors to further fortify brand trust

Stakeholders expect that after transferring TWCERT/CC to the National Institute of Cyber Security, there will be a integration with the National Institute of Cyber Security's abundant experiences and resources, to forge a more integrated collaboration network. Meanwhile, TWNIC should continue to build a credible cybersecurity brand by providing the latest cybersecurity information and establishing a trusted anonymous cybersecurity reporting channel.

Stakeholders also expect that TWCERT/CC can serve as a portal for reporting private-sector cybersecurity issues in the future. In doing so, the accumulated service experience in the public sector can be utilized to offer professional, fee-based cyber security technical assistance, in turn contributing to the cybersecurity in both the public and private sectors.

I hope that TWCERT can leverage its capacity for public–private partnerships after being integrated with TWNCERT. …The more information you have, the more opportunities there are for you to make and share valuable analyses for all agencies.

When it comes to promoting our businesses to the public, we can send the messages through the CERT/CC. We want to build up our brand for everyone to trust it. For example, everyone associates the number 165 with fraud prevention, no? And to combat cybersecurity problems, private industries look for CERT/CC. If you build up the brand as one that is trustworthy and credible, it can provide a lot of latest information and services, which will benefit the cybersecurity of Taiwan.

Ensure the due process of the execution procedure of the DNS RPZ self-regulatory mechanism

Stakeholders suggest that regarding the DNS RPZ business, to ensure legal due process and procedural rigor, the highest standards should be upheld in the application of the emergency appeal mechanism. Moreover, TWNIC should actively promote the relevant mechanisms and procedures among enterprises, assist in legislative revisions, and engage in in-depth discussions with IASP and other units regularly to foster a suitable network environment.

In addition, regarding the appeal mechanisms for mistakes in RPZ, there is a need for developing a more comprehensive SOP to handle the appeals. It is vital to ensure the openness and transparency of relevant information, which is essential for efficiently and effectively handling appeals, safeguarding user rights.

Some agencies seem unclear about the restrictions on this self-regulatory mechanism. For example, the RPZ blocks a domain instead of a web page, or the standard legal procedures of the operation. Some agencies may find this particular tool useful, and then …Some agencies want to use this fast approach and (directly) ask TWNIC to use RPZ to block the web page. …if we put more effector into promoting this mechanism and demonstrating its use, then agencies will not have wrong expectations.

Once there was a domain that was blocked through RPZ by mistake. Restoring this domain required a complicated procedure. …Therefore, a system should be built to reinforce the appeal mechanism. A procedure was required for the counterparty to apply to restore its domain.

Continuing to monitor network resilience issues and propose policy recommendations in response to potential crises

Stakeholders have noticed that TWNIC has addressed network resilience issues, including the challenges of centralized ASN in Taiwan. They expect TWNIC to continue monitoring relevant issues and exert its influence. Beyond issue discussions, TWNIC is encouraged to propose policy recommendations, therefore crafting practical and feasible policy measures to safeguard the cybersecurity of Taiwan's network environment.

I see that TWNIC made some actual comments on the resilience of the entire network … Here, more policy suggestions or research efforts are required for the government. There was a similar issue a few years ago regarding the high ASN concentration in Taiwan, which was not necessarily a good thing in terms of resilience. How can we raise issues like this, formulate policy recommendations, and finally make the recommendations into a policy? This will be a valuable step because the issue will not be left sitting there.

Increasing the public's cybersecurity awareness by sharing case studies

With the support of the National Institute of Cyber Security, TWCERT/CC is envisioned to become a flagship for cybersecurity promotion in the private sector, while TWNIC should focus on strengthen the cybersecurity protection of DNS services, especially against DDoS attacks targeting DNS services, and conduct relevant outreach and training for both government agencies and private entities.

Stakeholders hope to elevate the cybersecurity standards in society in general by fortifying the public's understanding of cybersecurity and enabling Taiwan to have a greater voice on the global cybersecurity stage, as well as more opportunities for international engagement.

I seriously think TWNIC and CERT/CC are invaluable agencies in addressing this matter. …In other words, TWNIC plays a critical role in promoting cyber security and reinforcing people's cyber security awareness.

DDoS, which has been committed against websites and network systems, has started to be committed against DNS services built by agencies this year. Taiwan's DNS services are built here at TWNIC. If DNS services are poorly managed, for example, because of hacker attacks messing up the entire DN, then the system will not be able to connect.

Help nongovernmental organizations and agencies to strengthen cybersecurity if they have built their own DNSs.

And then more people will care about this issue, and we will be able to further clarify our standpoint. Even if our government is fostering talents on cybersecurity protection, we must be vigilant on how many of us can discuss or negotiate this issue with people from other countries in the face of the increasing demand because of the challenges.