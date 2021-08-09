Agencies short of info security staff

By Wu Su-wei and William Hetherington / Staff reporter, with staff writer





The National Audit Office has said that 35 percent of government agencies, or 193 agencies, lack sufficient information security personnel, creating a weak spot in the nation’s defenses against cyberattacks from China.

The government increases spending on cybersecurity annually, and this year spent NT$2.3 billion (US$82.7 million), but is still 259 people short of meeting personnel needs, the office said in a report.

Thirty percent of funding for information security last year came from special budgets that would not be continued in the coming fiscal year, the office said.

According to regulations, there should be certified information security professionals to assist government officials at all levels, but there are at least 193 high-level agencies without information security officials, it said.

The government agencies have relied on outsourcing to meet staff requirements, but have not reached the number of hires needed for the task, the office said, adding that the government’s failure to fund the hiring of information security personnel has hampered efforts.

Tzeng Yi-suo (曾怡碩), director of the Institute for National Defense and Security Research’s Division of Cybersecurity and Decisionmaking Simulation, said that public and industrial organizations are clamoring to hire information security experts.

Those who specialize in information technology do not like to be micromanaged, and government employment naturally involves numerous restrictions, he said, adding that the situation makes it difficult to hire talented people long term.

“Actually, it is not necessary for information security experts to stay with us in the government long term. After they gain experience with us they can go into industry,” he said. “We want these talented people to know that working with the government or military can be a stepping stone to earning high salaries in private industry.”

Government agencies last year reported 525 cybersecurity threats, nine of which were relatively severe, a report released by the Executive Yuan’s Department of Cyber Security showed.

Unauthorized access was the most common type of attack last year, comprising 68.8 percent of all threats, it said, adding that the primary causes were vulnerabilities in third-party products, failure of hosts to automatically install updates and remote connection management issues.

China has upped its cyberespionage activity worldwide in the past few months, and security experts believe the trend signals a shift from targeted espionage campaigns to smash-and-grab raids, leading to concerns that Chinese threats are escalating, a BBC report said.