Cybersecurity

Joint US-Taiwan cybersecurity drill underway

November 2019 marked the first-ever joint US-Taiwan cybersecurity exercise. Taiwan has been seeking closer security ties with the US for several years, as it’s subjected to constant cyber-attack and is perhaps the most-targeted country in the region.

“Taiwan is uniquely positioned to assist the international community in protecting itself from cyber theft,” noted a 2015 paper from the US Center for Strategic and International Studies. The paper suggested that Taiwanese involvement could benefit cybersecurity exercise – and four years later, it has joined the Cyber Offensive and Defensive Exercises.

Since 2013 these exercises have involved participants from around the Asia-Pacific region and beyond. This year’s edition included Australia, the Czech Republic, Japan, Malaysia, Taiwan and the US.

Governance is critical

Good board governance should encompass cybersecurity – leaving it only to the IT team, or to the relevant C-suite officers (CIO, CSO, CISO, CRO et al.) runs the risk that, while security systems will be improved, they won’t be fully aligned with the organisation’s strategic goals and plans.

Boards should include directors with at least enough expertise to be able to understand and interpret what their experts are telling them. They must be confident enough to make demands, set requirements and be able to share their insights with the board.

Training and updates are vital, and it’s critical that board members clearly understand the danger of cyber risks – as Taiwan’s example demonstrates.

Red versus blue

The five-day event saw ‘red teams’ of Taiwanese and foreign hackers launching simulated attacks on Taiwanese infrastructure, including government, banks and other financial institutions. A ‘blue team’ of Taiwanese cybersecurity experts attempted to detect and defeat the attacks.

Taiwan’s inclusion marked a ‘new frontier’ in security cooperation between the island nation and the US, according to Raymond Greene, Deputy Director of the American Institute in Taiwan (AIT). Taiwanese authorities have worked closely with the AIT to bring their nation into the US Department of Homeland Security’s Automated Indicator Sharing system.

Cybersecurity is national security

There can be no doubt that cybersecurity represents a ‘new frontier’ in warfare, espionage and corporate espionage.

With Taiwan experiencing up to 30 million attacks every month, and with the nature of warfare changing, Greene asserted that ‘the biggest threats today would no longer be troops landing on beaches, but efforts by “malign actors” to use the openness of societies and networks to attack industries, democratic institutions and the integrity of critical infrastructure’.

Taiwan’s contested relationship with China certainly makes it more likely to suffer attacks, but that doesn’t mean the rest of the region can rest on its laurels. In fact, Asia-Pacific businesses are 80 per cent more likely to be attacked that businesses in other regions.

Partly this is due to a lack of transparency; low ‘cyber awareness’ and weak regulation and enforcement also contribute.

Modern Governance is the key

Modern Governance’ as the best corporate governance framework for addressing cyber risks. By deploying a unified technology platform to manage and secure all aspects of board activities, the organisation is protected from attack. It’s also given the tools needed to govern cybersecurity, measure its effectiveness and use analytics to generate risk assessments and other business intelligence to assist the organisation in its strategic planning.

Secure messaging, collaboration, voting, board papers, minutes, skills matrices and other capabilities can be made available online and accessible through mobile devices. Board members can be kept up to date with any crises or emerging situations and contribute in real-time to their solutions.

Defending the region

Taiwan’s involvement in the exercises marks a new stage in regional thinking about cybersecurity. At the Indo-Pacific Business Forum, the US State Department launches its report A Free and Open Indo-Pacific: Advancing a Shared Vision.

“We coordinated with link-minded partners such as Australia, Japan, the Republic of Korea, New Zealand, Singapore and Taiwan to support this objective,” the report says. It notes various initiatives to encourage policymakers in the region to take a risk-based approach to technology acquisitions and to come together to discuss cybersecurity, the digital economy and media disinformation.

It’s a lofty goal at the state level, but one what will necessarily be implemented at the organisational level. Deploying a Modern Governance system is the best way for your company to make sure it’s a responsible actor.

Featured Blog