The ROC government conducted its first large-scale cyber-security drill in November and December 2013, testing the prevention and response capabilities of the Executive Yuan's 33 affiliated second-tier agencies with mock attack and defense exercises, the Executive Yuan's Office of Information and Communication Security (OICS) reported today.
The drill, which featured live exercises, simulations and social engineering email (email meant to manipulate the recipient into giving up confidential information) alertness and avoidance training, garnered the anticipated results and augmented collaboration among industries, academics, government agencies and research institutes, said Premier Jiang Yi-huah after the OICS briefing. It also facilitated international exchange, as foreign experts took part in the activities and offered suggestions, he added. Jiang thanked the executive team for their efforts and Minister without Portfolio Chang San-cheng for his supervision and hard work on the project.
"International online assaults on websites are frequent, and the ROC has always been a major target of hackers," the premier noted. "It is therefore necessary to enhance the government's information security across the board and enhance monitoring.
"The drill results reveal that agencies have been paying increasing attention to information security; however, persistent fortification is still needed in areas such as notification and responsive measures following security breaches, management and maintenance of publicly accessible websites and information systems, and civil servants' awareness of information security. For example, several agencies registered rates of opening and clicking links on social-engineering emails that were as high as 20 percent; greater scrutiny is a must," Jiang said.
The premier directed the OICS to look into the drill results and formulate further strategies and concrete means to reinforce government agencies' defensive and responsive capabilities. He also enjoined ministry heads to supervise their staff to ensure thorough coordination and implementation of such measures in order to develop integrated and comprehensive defenses. The different ministries must also mete out appropriate rewards and punishments for performance in this field to encourage colleagues to pay close attention to information security, he said.
Moreover, daily life is becoming strongly oriented around information in numerous aspects, and the government holds either direct or indirect controls over major databases concerning people's livelihoods, such as those of transportation, health and welfare, household and land registration, and financial services, Jiang noted.
"If any of these systems were hacked or malfunctioned, all citizens' lives would be affected," he pointed out. "Therefore, government agencies must meticulously supervise their staff so that information security can be scrupulously implemented and a strong united defense network established."