At the Cabinet's weekly meeting today, Premier Lai Ching-te said the nation's government agencies must continue building up cyber defenses against today's complex, ever-changing threats.
In remarks following a report by the Executive Yuan's Department of Cyber Security on the state of Taiwan's information security, the premier said cyber threats are on the rise, particularly against critical information infrastructure such as financial and communication systems, hydropower installations and power grids. The government should raise awareness and education on these issues, improve protection technologies, strengthen security reporting systems, and promote drills, audits and experience sharing. Central and local governments should also make use of funding from the "cybersecurity flagship projects" and the Forward-looking Infrastructure Development Program to build multi-layered cybersecurity networks and ensure protective measures are properly implemented.
The massive DDoS (distributed denial of service) attacks that hit the internet recently were executed mainly through unsecured internet-of-things (IoT) devices, Premier Lai continued. He instructed the government agencies responsible for digital economy industries (including artificial intelligence and IoT technologies) to expand the development of the digital technology work force, including cybersecurity specialists. The agencies themselves should also employ more tech support personnel in preparation for future demands.
The Department of Cyber Security said the government's cybersecurity policy aims to build three dimensions of protection. In terms of breadth, funding from cybersecurity flagship projects and forward-looking infrastructure projects will be used to create multi-layered protective networks across government agencies, critical infrastructure, and local and regional governance systems. These networks will incorporate big data analytics and artificial intelligence for early detection of cybersecurity attacks.
In terms of depth, organizations should employ "defense in depth" strategies for internal and external networks, raise employee awareness of cybersecurity threats, discourage personnel from opening suspicious emails, and reduce the number of malicious intrusions. Cybersecurity inspections, including audits and system health checks, should also be expanded to actively identify and remedy any vulnerabilities.
Concerning speed, all agencies should formulate information security plans and implement each measure accordingly, improving detection of security incidents and speeding up response time. Cybersecurity exercises including incident reporting and network attacks should also be conducted to accelerate response time to cybersecurity incidents.