November 2019 marked the first-ever joint US-Taiwan cybersecurity exercise. Taiwan has been seeking closer security ties with the US for several years, as it’s subjected to constant cyber-attack and is perhaps the most-targeted country in the region.
“Taiwan is uniquely positioned to assist the international community in protecting itself from cyber theft,” noted a 2015 paper from the US Center for Strategic and International Studies. The paper suggested that Taiwanese involvement could benefit cybersecurity exercise – and four years later, it has joined the Cyber Offensive and Defensive Exercises.
Since 2013 these exercises have involved participants from around the Asia-Pacific region and beyond. This year’s edition included Australia, the Czech Republic, Japan, Malaysia, Taiwan and the US.
Governance is critical
Good board governance should encompass cybersecurity – leaving it only to the IT team, or to the relevant C-suite officers (CIO, CSO, CISO, CRO et al.) runs the risk that, while security systems will be improved, they won’t be fully aligned with the organisation’s strategic goals and plans.
Boards should include directors with at least enough expertise to be able to understand and interpret what their experts are telling them. They must be confident enough to make demands, set requirements and be able to share their insights with the board.
Training and updates are vital, and it’s critical that board members clearly understand the danger of cyber risks – as Taiwan’s example demonstrates.
Red versus blue
The five-day event saw ‘red teams’ of Taiwanese and foreign hackers launching simulated attacks on Taiwanese infrastructure, including government, banks and other financial institutions. A ‘blue team’ of Taiwanese cybersecurity experts attempted to detect and defeat the attacks.
Taiwan’s inclusion marked a ‘new frontier’ in security cooperation between the island nation and the US, according to Raymond Greene, Deputy Director of the American Institute in Taiwan (AIT). Taiwanese authorities have worked closely with the AIT to bring their nation into the US Department of Homeland Security’s Automated Indicator Sharing system.
Cybersecurity is national security
There can be no doubt that cybersecurity represents a ‘new frontier’ in warfare, espionage and corporate espionage.
With Taiwan experiencing up to 30 million attacks every month, and with the nature of warfare changing, Greene asserted that ‘the biggest threats today would no longer be troops landing on beaches, but efforts by “malign actors” to use the openness of societies and networks to attack industries, democratic institutions and the integrity of critical infrastructure’.
Taiwan’s contested relationship with China certainly makes it more likely to suffer attacks, but that doesn’t mean the rest of the region can rest on its laurels. In fact, Asia-Pacific businesses are 80 per cent more likely to be attacked that businesses in other regions.
Partly this is due to a lack of transparency; low ‘cyber awareness’ and weak regulation and enforcement also contribute.
Modern Governance is the key
‘Modern Governance’ as the best corporate governance framework for addressing cyber risks. By deploying a unified technology platform to manage and secure all aspects of board activities, the organisation is protected from attack. It’s also given the tools needed to govern cybersecurity, measure its effectiveness and use analytics to generate risk assessments and other business intelligence to assist the organisation in its strategic planning.
Secure messaging, collaboration, voting, board papers, minutes, skills matrices and other capabilities can be made available online and accessible through mobile devices. Board members can be kept up to date with any crises or emerging situations and contribute in real-time to their solutions.
Defending the region
Taiwan’s involvement in the exercises marks a new stage in regional thinking about cybersecurity. At the Indo-Pacific Business Forum, the US State Department launches its report A Free and Open Indo-Pacific: Advancing a Shared Vision.
“We coordinated with link-minded partners such as Australia, Japan, the Republic of Korea, New Zealand, Singapore and Taiwan to support this objective,” the report says. It notes various initiatives to encourage policymakers in the region to take a risk-based approach to technology acquisitions and to come together to discuss cybersecurity, the digital economy and media disinformation.
It’s a lofty goal at the state level, but one what will necessarily be implemented at the organisational level. Deploying a Modern Governance system is the best way for your company to make sure it’s a responsible actor.
October 30, 2020
Top 5 Mistakes to Avoid When Transitioning to Virtual Board Governance
With rapid change affecting businesses (including growing emphasis on environmental, social and governance (ESG) principles and the COVID-19 pandemic), it seems organisations are called on to be more: more informed, more collaborative and more responsive to stakeholders. The systems and processes that businesses need now are encapsulated in the concept of modern…
September 7, 2020
Avoiding Cyber Confusion in the Board Room
It is imperative that Directors understand the cyber risks facing their companies and organisations. The increasingly complex internal and external landscape presents unique challenges for Boards. Several key steps can however significantly increase the cyber resilience of any company or organisation, irrespective of size. The article outlines five key steps…
August 20, 2020
Minimising the Risk of Virtual Meetings: 5 Practices Boards Should Avoid
Months into the COVID-19 lockdown, remote workers—and board members—have become more accustomed to virtual meetings. They’ve found a quiet place in the house, mastered the mute and camera buttons, and fully styled their background bookcases and “Zoom couture.” Yet as virtual work becomes a way of life, not all adaptive…