What you need to know
Taiwan is under foreign cyber attacks up to 30 million times on average every month. How can ACW SOUTH play its role to lay down foundations for cyber security and empower cybersec talents at the time when information and communication technology is rising and cyber threats are imminent?
In early October, Optus, Australia’s second largest telecom service provider was hacked, causing tens of millions of private data leakage, including names, phone numbers, emails and passport numbers. The victims of the cyber attack not only suffered from unexpected financial risks, but also were afflicted by such security concerns as information theft and privacy invasion.
Taiwan, with an equivalent number of population to Australia, has been under numerous cyber attacks. According to statistics, the average monthly foreign cyber attacks on Taiwan’s government agencies reach 30 million. In 2021, Taiwan’s government agencies reported 696 cyber security incidents. What the statistics are telling us is that you may rarely see it, but cyber security crises do exist, and they are everywhere. To prevent hackers from taking advantage of the accessibility of digital technology, we should build up accurate cyber security concepts, as we are enjoying the benefits of mobile lifestyle, and stay alert to new types of information security crises like hacker intrusion, data leakage and inappropriate uses of data.
Cyber security breaches everywhere, major international information security incidents become the focus
According to the 2022 Cyber Security Report released by cyber security solution provider, Check Point, on average this year, companies engage with cyber attacks 50% more than last year. Software providers are the main targets of such attacks, with the number of attacks increasing by 146%. In addition to the rising number of cyber attacks, Check Point also notes the trend of cyber attacks influencing people’s daily life. For instance, in 2021 the persistent attacks not only target supply chains, but also mobile devices, cloud service providers, national critical infrastructure, etc. Some cyber security incidents have seriously impacted people’s daily life.
The most notorious cyber attack incident is the supply chain attack on SolarWinds Orion in the US. The attack had compromised the U.S. Treasury and Commerce Departments, forcing the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Homeland Security Department to announce a status of emergency and order all federal agencies to shut down associated products. It was the greatest national cyber threat in the U.S. history. In addition to use malware to steal data, hackers are capable of shutting down infrastructure operation through blackmail software. For instance, in December, 2015, Ukraine’s power grid was hacked through phishing emails to distribute malware and crash mainframes, causing blackouts on hundreds of thousands of households in Ivano-Frankivsk Oblast (Region). However, a more horrifying incident took place in February, 2021; a water treatment plant computer system in Florida was compromised by hackers, in an attempt to boost the level of Sodium Hydroxide (NaOH) up by 111x. Fortunately, the compromise event was found by the employees in time and responded with appropriate measures, preventing a disastrous consequence of strong alkaline water flowing into household pipelines.
To address cyber security challenges in the new era, talent development and concept cultivation are the ultimate solutions
From the said international cyber attacks, it is clear that cyber crises are very real and near. Therefore, governments across the world pay more attention to the establishment of cyber security protection, and speed up their empowerment measures to prepare for cybersec talents. The UK government invested £20 million pounds in the CyberFirst program, helping young people aged from 14 to 18 to learn cyber security matters, so as to build up their awareness of cyber security and develop future cybersec talents. In 2015, the Japan government released its three arrows for cybersec talent development to mitigate the gap of cybersec talents in the private sector. The three arrows include government-backed cyber security certification and talent training programs, live exercises, refinement of school materials at primary and secondary levels. From the university-industry-government perspectives, Japan adopted the top-down approach to lay down the groundwork for cyber security capacity building.
Cyber crises facing Taiwan are more dangerous than any other countries. Its private and public sectors have to worry about not only hackers, but also malicious information attacks from geopolitical perspectives. However, others’ lessons can always be learned to minimize our own vulnerabilities. Analyzing other countries' approaches to deal with modern cyber security challenges will bring in new insights for Taiwan’s society. From Japan’s three arrows of building cyber security capacity to the UK’s CyberFirst program, the key lies in the fundamentals of professional development and cyber security concept cultivation. Taiwan’s Ministry of Digital Affairs (MODA), formed this year, also puts its focus on the same idea,“Public Digital Resilience”. The MODA is now playing as an engineer to ready Taiwan in the face of cyber security challenges of the new era.
Build up top-notch cybersec space, and accumulate cybersec capacity for Taiwan
To build a secure and reliable digital nation, Taiwan has improved its overall cyber security protection mechanism. At the end of 2021, ACW SOUTH Shalun Cybersec Service HQ (hereinafter referred as the Shalun HQ) was officially established. The Shalun HQ not only plays a role to support the industries to build their cyber security protection capacities, but also operates as a key node for distributing cyber security know-how in Taiwan, and cultivates junior cybersec talents.
In terms of the provision of cybersec industrial verification and examination, the Shalun HQ has established 7 platforms for petro-chemical infrastructure, natural gas infrastructure, substation equipment infrastructure, IoTs, semiconductors, smart manufacturing and smart green energy. Some machines used in the production lines were already moved into the HQ for live attack/ defense exercise demonstrated by technical teams in the Shalun HQ. This way, visitors will easily understand the comprehensive cyber attack/ defense processes, including attack, restore and recover. So far, the HQ has received up to 1,700 visitors.
In addition to the demo area for the general public, the Shalun HQ also sets up a live cyber attack/ defense exercise classroom for professionals training. Cutting-edge hardware equipments are placed for trainees to conduct live operations, supplementing with 12 playbooks, so as to develop trainees’ cyber security awareness and counter-hacker know-how. Moreover, various cyber security forums, symposiums, and training courses are organized to accrue and pass on existing cybersec know-how, while also conducting research and development on latest cybersec technologies. So far, nearly 1,500 trainees have participated in the cybersec talent training activities, and they have become the 1st-line defense for Taiwan’s cyber security protection.
Furthermore, the Shalun HQ has dedicated its effort to industry practices. In the HQ, there are professional teams stationed onsite, providing companies and entities with professional cyber security consultancy services. They also provide companies and vendors with professional verification and examination services to connect the corporate environment via network switcher to set up cyber security protection products and conduct live verification and examination. So far, 12 companies have worked with the Shalun HQ on cybersec verification and examination for over 22 products, including industrial control, green energy, manufacturing, semiconductor, IOTs, etc. The Shalun HQ helps vendors to learn cybersec solutions adequate to their businesses, so to optimize and improve their products, strengthening their cyber security protection.
The first Shalun Cybersec Talent Competition held in 2022 is another highlight made by the Shalun HQ for the development of cybersec talents and the upgrade of cybersec talent capacities in industries. As an incubator for potential talents, the Shalun HQ offers opportunities for students to practice in cybersec projects. In the competition, the Shalun HQ provides the facilities and space free of charge. Cybersec workshops and forums are open to new talents from all corners of Taiwan, instilling energy of innovation to the cyber security industry in Taiwan.
Taiwan Can Help! Join in transnational defense for cyber security; university-industry-government engagement to address future challenges
In response to the call of “Cyber security is national security 2.0” strategy outlined by the Taiwan government, the Financial Supervisory Commission amended related laws to regulate listed companies to appoint Chief Information Security Officers and add designated units for information security matters. In August 2022, Taiwan’s Ministry of Digital Affairs officially launched its operations, showing how the Taiwan government has placed its focus on digital transformation and cyber security matters of all sectors.
The establishment of ACW SOUTH Shalun Cybersec Service HQ marks a great stride of Taiwan in the international cyber security arena. Through the indicative cybersec demonstration site management, the HQ will integrate cross-disciplinary engagement in cyber security across the government, industry and university, so as to help the industry to elevate its overall cyber security awareness and capabilities. Facing potential cyber security incidents, Taiwan is capable of lending a helping hand through its extraordinary experience of developing the Shalun HQ as well as the rich talents the HQ incubates, whenever the international cyber security community is in need. Taiwan is able to become a pillar in the international joint defense network for cyber security. And from each and every cyber security crisis, Taiwan will transform the lessons learned into nutrients for the incubation of new talents in Taiwan, and continue to boost Taiwan’s cyber security capabilities.
Advertised by Administration for Digital Industries, MODA