
- Alert and publication: Guarding against and publishing probable security threats, e.g. vulnerability analysis.
- Technical service: Providing technical service to government agencies.
- Assistance in the setup of CERT: Assisting interested agencies to set up their own CERT.
- Consultation: Making suggestions regarding operation and R&D of computer security and Internet issues.
- Strategy recommendation: Making suggestions to government agencies regarding strategic planning.
- Risk analysis: Undertaking risk assessment.
- Collaboration: Building collaborative relationships with the legal community, information security businesses and ISPs.
- Coordination: Building coordination and communication channels with domestic and foreign incident response organizations.

2. Operations Activities

2.1. Incident Handling

In 2014, TWNCERT published 1,528 notice advisories to government sectors. The categories were distributed as in Figure 1.

Figure 1 Distribution of notice advisories

TWNCERT received 514 reports on computer information security incidents from Taiwan government sectors in 2014. The top 3 incident categories are Intrusion, Website Defacement and DDoS attacks.

Figure 2 Security incidents from government sectors

2.2. Government Information Sharing and Analysis Center

TWNCERT aims to improve incident response and information security awareness and sharing in Taiwan. To that end, we have operated the government ISAC, called G-ISAC (Government Information Sharing and Analysis Center), since 2009. TWNCERT not only deals with information security issues relevant to government sectors, but also shares security information with the Academic ISAC (A-ISAC) and the National Communications Commission ISAC (NCC-ISAC), which includes most major ISPs in Taiwan. In addition, major SOCs, law enforcement, and CERTs such as TWCERT/CC and EC-CERT (Electronic Commerce CERT) are also G-ISAC members. G-ISAC uses the IODEF format and a secure API system to make sure the information is correct, useful, timely and based on trusted membership. In 2014, G-ISAC covered over 98.97% of IPs in Taiwan and shared a total of 112,514 items of security incident and critical information.

Figure 3 Distribution of G-ISAC

3. Events Organized/Co-Organized

3.1. Training

In 2014, TWNCERT joined the APCERT Steering Committee and became responsible for the APCERT Education and Training program. The goal of the training program is to raise members' comprehensive cyber security technical skills and awareness and to provide a channel for members to share and exchange valuable experiences with other member teams, thus creating a better cyber environment within the Asia Pacific region. On November 5th, APCERT had 10 member teams attend the first training course event, Malware Behavior Analysis and Detection, presented by TWNCERT.

3.2 Drills