What you need to know
Taiwan is a global node of internet traffic, but also a major target for PRC hackers.
Weaknesses include a lack of implemented policies, underdeveloped training programs and an absence of international cooperation.
Dr. Joseph Hwang of Taiwan’s National Defense University told the Center for Strategic and International Studies (CSIS) in Washington D.C. last week that cybersecurity is a particularly sensitive threat for Taiwan, with threats ranging from criminal activity to cyber warfare and espionage.
Taiwan has been a prime target of hackers, thus giving the R.O.C. a tremendous amount of experience and sophistication in the realm of cybersecurity. Hwang said that Taiwan’s National Security Bureau (NSB) faces roughly 100,000 hacking attempts every month.
Fortunately, Taiwan’s cybersecurity environment is relatively well-structured and continues to develop. Taiwan’s geographical location makes it a prime node in global networks, both as a conduit for web traffic between Northeast and Southeast Asia, as well as between China and North America. To manage and protect Taiwan’s interests, Taipei has followed the lead of nations like the U.S. and China in forming a centralized cyber command: the National Information and Communication Security Taskforce (NICST).
According to Hwang, the NICST protects Taiwanese interests at the national, social, and individual levels by protecting the flow of information and personal privacy. Taiwan’s cyber defense program is highly sophisticated, with multiple levels of access and its own “intranet” that is protected with diversionary “honeypots” and a number of advanced cyber defense measures.
In terms of strengths, Hwang said that Taiwan possesses high-level cyber security systems and a legal and governmental framework for ensuring continued development and sophistication. Weaknesses include a lack of implemented policies, underdeveloped training programs for personnel and an absence of international cooperation due to political reasons.
Opportunities include space for cooperation between the government, the private sector, and academia, and due to Taiwan’s strength in this area, a desire from other countries to learn from Taiwan’s experience. However, the threats to Taiwan are formidable and include hacking from organized crime, record numbers of attacks, an increase in attack sophistication, and vulnerabilities caused by the development of Internet Of Things (IOT) technology.
After his presentation, CSIS moderators presented Dr. Hwang with a battery of questions to expand on the topic. Arguably, the NCIST’s most important role is in coordinating sectors and motivating various interests to communicate with its cybersecurity task force. However, Hwang said that the NCIST is mostly a defense-oriented institution, and thus does not necessarily protect civil government structures to the degree necessary. He thus called for a civil version of the department, as well as a need to train specialists, officials and the general public.
Dr. Hwang said that one of the greatest barriers to cybersecurity, both in Taiwan and in most other nations, is the level of trust between sectors. He cites Estonia as an example of a country with a high level of trust between the government and the populace, in part due to their development of a secure system to allow citizens can conduct most of their government interaction online.
Audience members also asked about Taiwan participating in U.S. military cyber warfare exercises, to which Hwang responded that was unlikely, but educational and information-sharing initiatives are highly valued and sought after.
There was an interesting lack of discussion of the People's Republic of China’s role in attacks on Taiwan until an unidentified audience member posed the question. Hwang’s view is that the majority of attacks on Taiwan originate in China, and while it is difficult to pinpoint exactly who is behind them, an increase in the intensity and volume of attacks after the 2016 elections in Taiwan indicates likely government involvement. Hwang said that Beijing is claiming “cyber sovereignty” stating that international politics as a model for cybersecurity is likely insufficient.
Hwang also indicated that Taiwan faces a degree of vulnerability due to the vast quantity of Taiwanese computer hardware being manufactured in China and a need for this production to shift to other locations, either back to Taiwan or the United States.
Hwang addressed the New Southbound Policy and potential partners in Southeast Asia for cybersecurity. Cooperation between Taiwan and India has been robust in recent years, likely due to both nations’ developed telecommunications infrastructure as well as shared concerns over attacks originating in China. According to Hwang, this partnership will prove fruitful for the foreseeable future.
The complete presentation can be found here: Taiwan’s Cybersecurity Environment - Challenges and Opportunities
TNL Editor: Morley J Weston