July 21, 2024
How Taiwan is trying to defend against a cyber 'World War III'

How Taiwan is trying to defend against a cyber ‘World War III’

Taiwan’s head of cybersecurity told CNN Business this month that it is using dramatic measures to guard against technological vulnerabilities — including employing roughly two dozen computer experts to deliberately attack the government’s systems and help it defend against what Taiwanese authorities estimate are some 20 million to 40 million cyberattacks every month.

Taiwan says it has been able to defend against the overwhelming majority of attacks. Successful breaches number in the hundreds, while only a handful are what the government classifies as “serious.”

But the enormous number — and where Taiwan thinks they’re coming from — has compelled the government to take the issue seriously, according to Chien Hung-wei, head of Taiwan’s Department of Cyber Security.

“Based on the attackers’ actions and methodology, we have a rather high degree of confidence that many attacks originated from our neighbor,” he told CNN Business, referring to mainland China.

“The operation of our government highly relies on the internet,” Chien said. “Our critical infrastructure, such as gas, water and electricity are highly digitized, so we can easily fall victim if our network security is not robust enough.”

Cyberattacks are a growing global threat. And while China is far from the only country to be accused of orchestrating such attacks, Beijing this week is facing intense scrutiny from the West on the issue.
On Monday, the United States, the European Union and other allies accused China’s Ministry of State Security of using “criminal contract hackers” to carry out malicious activities around the world, including a campaign against Microsoft’s Exchange email service in March.

The coordinated announcement has illustrated the Biden administration’s priorities in defending cybersecurity, after serious vulnerabilities had been reported in major American sectors, such as energy and food production.

Chien said Taiwan suspects that state-backed hackers were behind at least one major malware attack on the island last year. In May 2020, CPC Corporation — a government-owned refiner in Taiwan — was hacked and left unable to process electronic payments from customers. The Ministry of Justice Investigation Bureau accused a hacker group linked to China of carrying out the attack.

US blames China for hacks, opening new front in cyber offensive

China has repeatedly denied launching cyberattacks against Taiwan and others. In a statement to CNN Business, the Ministry of Foreign Affairs called the island’s accusations “groundless and purely malicious.” China’s Taiwan Affairs Office also criticized Taiwanese authorities for using cyberattacks to smear the mainland as a “habitual trick,” and to shift the public’s focus away from the island’s recent Covid-19 outbreak.

And after China was accused by the West earlier this week of launching a massive, global hacking campaign, the country blasted the claims as “groundless.”

“We strongly urge the United States and its allies to stop pouring dirty water on China on cybersecurity issues,” Zhao Lijian, China’s Ministry of Foreign Affairs spokesman, said on Tuesday. “China firmly opposes and cracks down on cyberattacks of any kind, let alone encourages, supports or indulges them.”

Tensions with China

Taiwan and mainland China have been governed separately since the end of the Chinese Civil War more than 70 years ago. While the Chinese Communist Party has never ruled Taiwan, Beijing considers the island to be an “inseparable part” of its territory and has repeatedly threatened to use force if necessary to prevent the island from formally declaring independence.

In recent years, China has stepped up its military pressure on Taiwan. In June, the country sent over two dozen warplanes near the island, prompting Taiwan to alert its air defenses. That was the largest number of warplanes sent to that zone since Taiwan began keeping records of such incursions last year. Beijing has also released military propaganda warning Taipei to “prepare for war” as it establishes stronger ties with the United States. (Analysts say the flights likely serve several purposes for China, including as a demonstration of the strength of the country’s military and as a way to gain intelligence it needs for any potential conflict involving Taiwan.)

Experts have voiced concerns not just about the prospect of military warfare, but cyber warfare, too.

Why it's so difficult to bring ransomware attackers to justice

Earlier this month, US-based cybersecurity company Recorded Future alleged that a Chinese state-sponsored group has been targeting the Industrial Technology Research Institute, a Taiwanese hi-tech research institution.

Recorded Future said it found that Chinese groups have been targeting organizations across Taiwan’s semiconductor industry to obtain source codes, software development kits and chip designs. It based its claims on evidence it compiled using a method called network traffic analysis, which examines such traffic to detect security threats.

China’s Taiwan Affairs Office did not respond to questions about that analysis, but accused Taiwanese authorities of inciting anti-China hatred and increasing cross-strait conflicts.

Preparing for risks

A number of countries are now focusing on the mounting threat of cyberattacks, which in recent months crippled one of the largest fuel pipelines in the United States and shut down major operations for meat supplier JBS USA.
In April, the US Department of Justice declared 2020 the “worst year ever” for extortion-related cyberattacks. And the first half of 2021 saw a 102% increase in ransomware attacks compared to the same time period last year, according to cybersecurity firm Check Point Software.

Allen Own, CEO of Taiwanese cybersecurity company Devcore, said hackers can often be categorized into two groups: those who are working for profit, and those who are stealing information of national importance.

He said many countries — including the United States, China, Russia and North Korea — have assembled formidable “cyber armies” to either obtain intelligence or infiltrate another country’s infrastructure, or defend against attackers that might do the same to them. That kind of power highlights the need for Taiwan to boost its own capabilities.

“In information security, many people say that World War III will happen over the internet,” he said.

Taiwan says, meanwhile, that it has been attuned to these types of risks for years.

What it's really like to negotiate with ransomware attackers

In 2016, the Executive Yuan — Taiwan’s highest administrative organ — set up the Department of Cyber Security to mitigate security risks.

President Tsai Ing-wen at the time declared cybersecurity a matter of national security. This May, she announced the creation of a new digital development ministry, which will supervise the information and communication sector with a focus of protecting critical infrastructure, according to Taiwan’s official Central News Agency.
In an exclusive interview with CNN last month, Taiwan’s Foreign Minister Joseph Wu accused China of using military intimidation, disinformation campaigns and cyberattacks to undermine the Taiwanese population’s trust in their own government.

“They want to shape Taiwanese people’s cognition that Taiwan is very dangerous, and Taiwan cannot do without China,” he said. “[But] Taiwan has some very good capability in dealing with cyberattacks. And that is because of our long experience dealing with the cyber activities initiated by the Chinese side.”

Chien, the Taiwanese cybersecurity department leader, said the self-governing island has been subject to tens of millions of attacks monthly, a trend the government has recorded for at least the last few years.

But he said Taiwan has been able to defend against most attempts and serious breaches resulting in stolen data or paralyzed services numbered about 10 over the last year.

Chien declined to go into specific details about those attacks, and was willing only to cite successful hacks of Taiwan’s education system, which resulted in student data being stolen.

Tsai Sung-ting, CEO of Taiwanese cybersecurity solution provider Team T5.

Even if a cyber intrusion is resolved, such attacks can have long-term consequences because of the kind of information that attackers can gain access to, according to Tsai Sung-ting, CEO of Team T5, a Taiwanese cybersecurity solution provider.

“We frequently observe that after they compromise an organization, the first thing is to steal the emails and documents,” he said. “So even after you clean the infection this time, they may come back next month or a few months later. So I will say the threat is persistent.”

— CNN’s Beijing bureau contributed to this report.