Taiwan’s head of cybersecurity told CNN Business this month that it is using dramatic measures to guard against technological vulnerabilities — including employing roughly two dozen computer experts to deliberately attack the government’s systems and help it defend against what Taiwanese authorities estimate are some 20 million to 40 million cyberattacks every month.
Taiwan says it has been able to defend against the overwhelming majority of attacks. Successful breaches number in the hundreds, while only a handful are what the government classifies as “serious.”
But the enormous number — and where Taiwan thinks they’re coming from — has compelled the government to take the issue seriously, according to Chien Hung-wei, head of Taiwan’s Department of Cyber Security.
“Based on the attackers’ actions and methodology, we have a rather high degree of confidence that many attacks originated from our neighbor,” he told CNN Business, referring to mainland China.
“The operation of our government highly relies on the internet,” Chien said. “Our critical infrastructure, such as gas, water and electricity are highly digitized, so we can easily fall victim if our network security is not robust enough.”
The coordinated announcement has illustrated the Biden administration’s priorities in defending cybersecurity, after serious vulnerabilities had been reported in major American sectors, such as energy and food production.
Chien said Taiwan suspects that state-backed hackers were behind at least one major malware attack on the island last year. In May 2020, CPC Corporation — a government-owned refiner in Taiwan — was hacked and left unable to process electronic payments from customers. The Ministry of Justice Investigation Bureau accused a hacker group linked to China of carrying out the attack.
China has repeatedly denied launching cyberattacks against Taiwan and others. In a statement to CNN Business, the Ministry of Foreign Affairs called the island’s accusations “groundless and purely malicious.” China’s Taiwan Affairs Office also criticized Taiwanese authorities for using cyberattacks to smear the mainland as a “habitual trick,” and to shift the public’s focus away from the island’s recent Covid-19 outbreak.
And after China was accused by the West earlier this week of launching a massive, global hacking campaign, the country blasted the claims as “groundless.”
“We strongly urge the United States and its allies to stop pouring dirty water on China on cybersecurity issues,” Zhao Lijian, China’s Ministry of Foreign Affairs spokesman, said on Tuesday. “China firmly opposes and cracks down on cyberattacks of any kind, let alone encourages, supports or indulges them.”
Tensions with China
Taiwan and mainland China have been governed separately since the end of the Chinese Civil War more than 70 years ago. While the Chinese Communist Party has never ruled Taiwan, Beijing considers the island to be an “inseparable part” of its territory and has repeatedly threatened to use force if necessary to prevent the island from formally declaring independence.
Experts have voiced concerns not just about the prospect of military warfare, but cyber warfare, too.
Earlier this month, US-based cybersecurity company Recorded Future alleged that a Chinese state-sponsored group has been targeting the Industrial Technology Research Institute, a Taiwanese hi-tech research institution.
Recorded Future said it found that Chinese groups have been targeting organizations across Taiwan’s semiconductor industry to obtain source codes, software development kits and chip designs. It based its claims on evidence it compiled using a method called network traffic analysis, which examines such traffic to detect security threats.
China’s Taiwan Affairs Office did not respond to questions about that analysis, but accused Taiwanese authorities of inciting anti-China hatred and increasing cross-strait conflicts.
Preparing for risks
Allen Own, CEO of Taiwanese cybersecurity company Devcore, said hackers can often be categorized into two groups: those who are working for profit, and those who are stealing information of national importance.
He said many countries — including the United States, China, Russia and North Korea — have assembled formidable “cyber armies” to either obtain intelligence or infiltrate another country’s infrastructure, or defend against attackers that might do the same to them. That kind of power highlights the need for Taiwan to boost its own capabilities.
“In information security, many people say that World War III will happen over the internet,” he said.
Taiwan says, meanwhile, that it has been attuned to these types of risks for years.
In 2016, the Executive Yuan — Taiwan’s highest administrative organ — set up the Department of Cyber Security to mitigate security risks.
“They want to shape Taiwanese people’s cognition that Taiwan is very dangerous, and Taiwan cannot do without China,” he said. “[But] Taiwan has some very good capability in dealing with cyberattacks. And that is because of our long experience dealing with the cyber activities initiated by the Chinese side.”
But he said Taiwan has been able to defend against most attempts and serious breaches resulting in stolen data or paralyzed services numbered about 10 over the last year.
Chien declined to go into specific details about those attacks, and was willing only to cite successful hacks of Taiwan’s education system, which resulted in student data being stolen.
Even if a cyber intrusion is resolved, such attacks can have long-term consequences because of the kind of information that attackers can gain access to, according to Tsai Sung-ting, CEO of Team T5, a Taiwanese cybersecurity solution provider.
“We frequently observe that after they compromise an organization, the first thing is to steal the emails and documents,” he said. “So even after you clean the infection this time, they may come back next month or a few months later. So I will say the threat is persistent.”
— CNN’s Beijing bureau contributed to this report.