Only 0.2 percent of Taiwanese manufacturers have an annual IT security budget of more than NT$3 million (US$100,901) and a dedicated IT security department, Industrial Development Bureau data show.
Five percent of them have an annual IT security budget of more than that amount, but no dedicated IT security team, while the remaining 95 percent have neither a sufficient IT security budget nor dedicated in-house IT security talent.
In 2019, the average IT security budget of companies in the information and electronics industry and in the metal and machinery sector was less than NT$1 million, while the average budget in the financial services and healthcare industries reached NT$22 million and NT$8 million respectively.
This difference in IT security investment arises because the latter industries are heavily regulated, including in the IT security measures they are required to take, while the former are not.
Many CEOs of Taiwan’s small and medium-sized manufacturers understand and recognize, in concept, the importance of IT security investment, but when the time comes to open their checkbooks to act on the idea, they balk.
This is for one simple, but powerful reason: The return on investment (ROI) of IT security investment often cannot be quantified.
Whenever a company’s IT department proposes a plan to strengthen its security, the CEO is likely to ask some variant of the following question: By exactly how much would the proposed plan improve IT security?
Such a question is perfectly reasonable from the standpoint of corporate governance, but it is impossible for the IT department, as well as any other players in the field, to quantify the expected improvement and answer the question satisfactorily.
IT security technologies cannot quantitatively estimate the degree of vulnerability of a company’s IT environment. In the end, because the ROI of the proposed IT security enhancement plan is unclear, it is given a lower priority and might eventually fall through the cracks.
The most effective way to increase a manufacturer’s investment in IT security is to tie it to or align it with its business objectives.
The ongoing China-US trade dispute provides such an example.
Supply chain security has long been a concern, but became a real and pressing issue after the dispute started under former US president Donald Trump and after the SolarWinds attack in 2020.
A modern, sophisticated product might consist of hardware and software components provided by dozens or even hundreds of suppliers. To ensure a finished product’s overall security, its manufacturer needs to ensure that its own IT environment, as well as components from suppliers and their IT environments, are secure.
Leaders of large manufacturing ecosystems, such as Boeing, General Motors and Taiwan Semiconductor Manufacturing Co (TSMC), are beginning to devise supplier IT security standards and guidelines, and include them in their routine quality audit programs to ensure that ecosystem members deploy proper cybersecurity defense measures in their IT environments.
With such a mandate in place, the CEO of a supplier now sees IT security investment not as something that is “good to have,” but as something their company “must have,” because the investment becomes an essential element of product development and competitiveness.
That is, the associated ROI is not only clear, but also compelling.
The government should leverage this supply chain management trend to steer the country’s small and medium-sized manufacturers toward increasing their IT security investments. Specifically, it should borrow supplier IT security standards, guidelines and auditing procedures from world-class supply chain leaders, such as TSMC, codify them into a reference plan on supply chain security assurance and provide it for free to local industry associations, incentivizing them to apply it to their supply chain management.
Taiwan’s manufacturing industry has a chance to not only strengthen its internal IT security, but also enhance the global competitiveness of its products.
Chiueh Tzi-cker is a joint appointment professor in the Institute of Information Security at National Tsing Hua University.