Taiwan Declares Information Security is Now National Security, Hardens Critical Infrastructure

Recently, three large organizations in Taiwan, in succession, reported being targets of ransomware attacks. As all three are considered to be within the eight critical infrastructures (energy, water, transportation, communications, finance, medical care, government, high-tech), local cybersecurity experts warn that these specific successive ransomware attacks could be signs of APT-level attacks testing critical infrastructure (CI) for rapid response capabilities in preparation for future attacks.

Advanced Persistent Threats (APTs) are elite groups of cybercriminals that are typically sponsored and directed by nation-states. Their extensive knowledge of attacker techniques and tactics, combined with nation-state resources, makes APTs stealthy, fast, dangerous, and persistent.

Reporter Binghong Chen of the Taiwan news website 自由時報 (Liberty Times Net) reached out to Benson Wu, CyCraft CEO, for comment.

“Taiwan has been targeted by APT-level cyberattacks for many years now. Years ago, when the security industry came up with the “anti-APT” buzzword, most organizations were clueless in validating “Anti-APT” capabilities, yet embraced them as a silver bullet. Today, local organizations are much more aware of the need for security situation awareness and the capabilities of EDR/MDR solutions. Some vendors, like CyCraft, have their EDR solutions evaluated by MITRE ATT&CK. In the future, EDR will become as common as Antivirus and Firewalls are today. More and more intrusions are bypassing preventive security measures. EDR wins those decisive battles against APTs and keeps them off critical endpoints.”
-Benson Wu, CyCraft CEO

Benson continued, “In the past few years, we have seen ransomware evolve rapidly. Organizations require multiple lines of defense to completely withstand a ransomware attack and remain resilient. Your first lines of defense are preventive solutions, such as your NGAV/NGFW. The second line of defense would be your EDR solutions; the third, disaster recovery solutions like backing up from off-site data storage; the fourth, real-time AI-powered SecOps, and your fifth and final line of defense would be hardening your defenses through attack emulations, such as red team blue team testing.”

Ransomware

Ransomware attacks against any of Taiwan's eight critical infrastructures are now considered a serious threat to national security. Organizations across the eight critical infrastructures need to take immediate action so that the entire ecosystem is not susceptible to a single cyberattack.

Because ransomware attacks (or cyberattacks in general) against critical infrastructure can be extremely devastating to the public, the Taiwan government has begun giving these targeted cyberattacks the highest national security priority.

Information security is now national security.

The Flagship Information Security Project

Benson continued to point out that in early 2017, the Taiwan Security Department of the Executive Yuan, under the leadership of Director Jian Hongwei, began implementing its 資安旗艦計畫 (Flagship Information Security Project) and 前瞻基礎建設計畫 (Forward-looking Infrastructure Development Program) to build an Information Security Sharing and Analysis Center (ISAC) for the eight critical infrastructures and to develop and implement better information security technologies across all critical infrastructure.

The 資安旗艦計畫 (Flagship Information Security Project) saw quick success, gathering international partners in cyber intelligence such as the Netherlands.

In 2018, the National Information Security Sharing and Analysis Center (N-ISAC) began operations to better coordinate communication among the eight ISACs and to act as a national security operations center of sorts.

Within months, the N-ISAC determined that while their range and breadth of intelligence were now sufficient, the depth of intelligence wasn’t up to their new standards. In the near future, N-ISAC, in addition to providing ISACs with the latest worldwide intelligence on known indicators of compromise (IOC) and malware analysis, shall also consolidate actor intelligence and APT-level adversarial techniques as defined by the MITRE ATT&CK® framework.

Organizations in energy, water, transportation, communications, finance, medical care, government, and high-tech are critical infrastructures vital to the health of the public and the nation. These organizations should not be left alone to defend themselves against cyberattacks as they are prime targets for APT-level attacks.

If critical infrastructure is targeted by foreign state-sponsored attacks, it needs national-level protection. Information security is now national security.

About CyCraft

CyCraft is a cybersecurity company founded in 2017, focusing on autonomous AI technology. Headquartered in Taiwan, it has subsidiaries in Japan and Singapore. CyCraft provides professional cybersecurity services to government agencies, police and defense forces, banks, and high-tech manufacturers throughout the Asia-Pacific region. It has received strong backing from the CID Group and Pavilion Capital, a Temasek Holdings Private Limited subsidiary.
