The government experienced a cyberattack on the electronic interchange system for official documents early this month, but no confidential information was stolen, an Executive Yuan official confirmed yesterday following local media reports.
While keeping mum on its findings in tracing the hacking, the Executive Yuan’s Office of Information and Communication Security said it has ruled out hackers in the Philippines, who earlier this month used denial-of-service attacks to crash the Web sites of several government departments when tensions between the two countries were running high following the fatal shooting of a Taiwanese fisherman by Philippine Coast Guard personnel.
“We have no comment on suspected hackers. We are still looking into that,” a staff member at the office, who declined to be named, said yesterday.
Asked if the hackers were traced to China, the staff member also declined to comment.
The electronic interchange for official documents, administered by the National Archive Administration, allows government organizations at all levels, as well as schools, to transmit official documents via the network in the form of electronic files.
Office of Information and Communication Security Director Hsiao Hsiu-ching (蕭秀琴) said the office discovered that abnormal events were occurring on client computers outside the domain earlier this month and found that it was a result of a new type of malware installed on the computers.
The office will complete a network restructuring by the end of this month to prevent malware-related threats to the system, she said.
Hsiao said the office was still looking into whether any government documents had been stolen before the attack was detected by the office, but said that documents on the system did not contain confidential information.
Documents classified as “confidential” and “top secret” are transported in printed form and only “unclassified” documents are transmitted through the system, she added.
Democratic Progressive Party (DPP) lawmakers yesterday said the security flaw could be attributed to the government’s personnel arrangements, lack of understanding of modern cyberwarfare and insufficient planning of the cybersecurity system.
President Ma Ying-jeou’s (馬英九) administration’s unprofessional nomination of agency officials was why the government has been either inactive in responding to the threats, or adopting insufficient and incorrect measures in countering the hacking threat, DPP Legislator Lee Chun-yi (李俊俋) told a press conference.
According to Lee, Hsiao is an expert in agricultural economy with no background in information and communication.
Hsiao was not alone, he added, as the director of the Executive Yuan’s Office of Homeland Security, Chen Hui-ying (陳會英), specializes in cultural and education studies across the Taiwan Strait, but has been put in charge of homeland security.
“Cybersecurity has been seen by many countries as a priority. While the US has established a Cyber Command to plan, coordinate and integrate activities to protect the country’s military and government networks, our administration has been sitting idle on the issue,” DPP Legislator Hsiao Bi-khim (蕭美琴) said.
The Ma administration should immediately conduct a comprehensive review of regulations, laws, government personnel assignment and agency hierarchy related to cybersecurity, she added.