Since assuming office in 2016, President Tsai Ing-wen (蔡英文) has on multiple occasions strongly advocated a data security and national security policy.
With all of the world’s major powers having adopted cyberwarfare strategies, there can be no question that data security and national security are inextricably linked.
Last year, several of Taiwan’s state-run companies and many mid-sized and large manufacturers fell victim to ransomware attacks of varying severity, which in some cases resulted in the temporary suspension of business operations or large ransom payouts, laying bare the intimate connection between data security and economic security.
A nation’s defensive capability against cyberattacks can be termed “national data security power.” The government’s data security and national security policies should focus primarily on upgrading that power.
A nation’s data security power is almost entirely determined by the quality and quantity of its data security specialists, and the latter is closely related to the extent to which it possesses a flourishing data security industry. If a nation wishes to elevate its data security power, it must first cultivate a pool of data security talent that can help develop the sector.
In the past few years, the government has been attempting to do just this. Taiwan now has a community of respected “white hat” hackers who regularly participate in the world-famous Capture the Flag competition, organized by DEF CON, an international convention for hackers and computer security professionals in Las Vegas, Nevada. Taiwanese teams frequently rank among the best in the annual competition.
Some of Taiwan’s white hat hackers have established their own data security companies and are doing good business. Meanwhile, white hat hacker social media groups are popping up all over the place, which means that the pool of data security talent in Taiwan is likely to grow.
Do these achievements mean that Taiwan has already built up formidable data security power and that it has enough data security experts to fulfill its needs? The answer is no.
White hat hackers primarily practice on established software tools, probing target organizations’ systems and networks for security vulnerabilities and conduct packet-based cyberattacks that exploit identified vulnerabilities.
They probe the systems’ vulnerabilities concerning malware, by installing it or activating already existing malware, such as ransomware or botnets, and initiate mock denial of service attacks.
The idea behind employing white hat hackers is that by allowing them to attack your systems, you can discover vulnerabilities and flaws, and hopefully learn how to patch them before you are targeted by a real-world attack by a malicious actor.
In the past few years, penetration testing by data security companies has gradually become more common in Taiwan, and most firms’ data security specialists sharpened their skills as white hat hackers.
However, white hat hackers only constitute a small link in the overall data security industry.
I previously worked as director of core technical development and research for the world’s largest data security company. Of the nearly 17,000 employees on the company’s payroll, white hat hackers numbered fewer than 50. The vast majority of employees were software engineers, who developed, integrated and tested a wide variety of data security products.
The human resource structure of other global data security firms is roughly equivalent to that company.
This is why Taiwan’s data security industry should focus on cultivating talent in the following areas of software development: specification setting for innovative data security products, design of streamlined and extensible software architecture, and use of advanced software engineering techniques to produce high-performance and reliable large-scale software products.
Also in high demand are people with an intimate understanding of the strengths, weaknesses and price ratios of commercial data security products, who are able to design a bespoke data security protection architecture and implementation plan tailored to the requirements and budget constraints of customers. They should also be able to deliver immediate and effective repairs and patches to clients’ systems if an attack to their systems occus.
If Taiwan wishes to improve data security protection across all of its industries, the nation needs to train these types of experts.
As with many other industries, the data security industry is gradually moving toward automation. Automated tools are increasingly used for password-strength checks, detection of phishing e-mails and social media attacks, detection and correction of software vulnerabilities, the establishment of system protection rules, the creation of penetration test scripts, and even the generation of network attacks that can intrude into a system’s weak spots.
The use of automated tools allows for the simplification of these processes and can vastly improve quality output. Individuals who are able to develop automated data security tools usually have many years of experience in the development of system software — such as operating systems, compilers and virtual machine monitors, as well as offensive and defensive data security techniques, and artificial intelligence technologies.
These are the key areas of research and development where Taiwan’s data security industry needs to make breakthroughs.
Chiueh Tzi-cker is general director of Information and Communication Labs at the Industrial Technology Research Institute.
Translated by Edward Jones
Recently, China launched another diplomatic offensive against Taiwan, improperly linking its “one China principle” with UN General Assembly Resolution 2758 to constrain Taiwan’s diplomatic space. After Taiwan’s presidential election on Jan. 13, China persuaded Nauru to sever diplomatic ties with Taiwan. Nauru cited Resolution 2758 in its declaration of the diplomatic break. Subsequently, during the WHO Executive Board meeting that month, Beijing rallied countries including Venezuela, Zimbabwe, Belarus, Egypt, Nicaragua, Sri Lanka, Laos, Russia, Syria and Pakistan to reiterate the “one China principle” in their statements, and assert that “Resolution 2758 has settled the status of Taiwan” to hinder Taiwan’s
Singaporean Prime Minister Lee Hsien Loong’s (李顯龍) decision to step down after 19 years and hand power to his deputy, Lawrence Wong (黃循財), on May 15 was expected — though, perhaps, not so soon. Most political analysts had been eyeing an end-of-year handover, to ensure more time for Wong to study and shadow the role, ahead of general elections that must be called by November next year. Wong — who is currently both deputy prime minister and minister of finance — would need a combination of fresh ideas, wisdom and experience as he writes the nation’s next chapter. The world that
The past few months have seen tremendous strides in India’s journey to develop a vibrant semiconductor and electronics ecosystem. The nation’s established prowess in information technology (IT) has earned it much-needed revenue and prestige across the globe. Now, through the convergence of engineering talent, supportive government policies, an expanding market and technologically adaptive entrepreneurship, India is striving to become part of global electronics and semiconductor supply chains. Indian Prime Minister Narendra Modi’s Vision of “Make in India” and “Design in India” has been the guiding force behind the government’s incentive schemes that span skilling, design, fabrication, assembly, testing and packaging, and
Can US dialogue and cooperation with the communist dictatorship in Beijing help avert a Taiwan Strait crisis? Or is US President Joe Biden playing into Chinese President Xi Jinping’s (習近平) hands? With America preoccupied with the wars in Europe and the Middle East, Biden is seeking better relations with Xi’s regime. The goal is to responsibly manage US-China competition and prevent unintended conflict, thereby hoping to create greater space for the two countries to work together in areas where their interests align. The existing wars have already stretched US military resources thin, and the last thing Biden wants is yet another war.