The National Security Bureau (NSB) believes that the Chinese military has shifted the emphasis of cyberattacks on Taiwan from government institutions to civilian think tanks, telecommunications service providers, Internet node facilities and traffic signal control systems, according to an NSB report.
The report on the country’s measures to stem attacks by China’s hackers was prepared for lawmakers’ reference ahead of a scheduled legislative hearing on the issue tomorrow that will be attended by NSB, Ministry of National Defense and Criminal Investigation Bureau officials.
Amid the public’s growing reliance on the convenience of online networks, Taiwan’s heavy dependence on technology means threats to Internet security are increasing, the bureau said.
Private think tanks, information technology businesses or outsourced factories and businesses, less well-defended network nodes, factory-grade microcomputer controllers, cloud storage and traffic signal switches may be targeted instead of governmental facilities and embassies, the bureau said in the report.
The bureau also cautioned that social media may be used to get close to personnel in sensitive or key positions to gain access to their computers to further penetrate the nation’s Internet defenses.
The hackers’ goal is to acquire as much control as possible over internal Internet systems before trying to steal or forge information, or paralyze Internet communications, the bureau said in the report.
According to the bureau, since 2002, China has extended its cyberarmy and now there are more than 100,000 people working for it, with Beijing budgeting more than NT$80 million (US$2.71 million) a year for the hackers.
As an agency of national defense, the bureau is a long-term and dedicated target of Chinese hackers and was hit 3.34 million times last year, the bureau said.
However, it said the actions were reconnaissance rather than actual attacks.
About 70,000 malignant attacks — averaging 209 a day — were all successfully averted, the bureau added.
The bureau takes cyberdefense seriously and has allocated funding over the past three years to purchase specialized equipment, such as defensive software systems, as well as prioritizing the limitation and scanning of outgoing documents, the bureau said.
In a special note, the bureau said telecommunication providers should prioritize national defense over financial gains, adding that the providers should try to strengthen and implement Internet security protocols in accordance with government policies.
Meanwhile, the Executive Yuan’s Information Security Office said in a report that among all government units, only the Council of Agriculture and the Executive Yuan itself have met information security standards.
Saying the situation was unsatisfactory, the Executive Yuan said that branches of the government should seek to have every office, branch or unit under their jurisdiction pass the Information Security Management System testing standards to ensure online security.
Additional reporting by CNA