
Persistent Threat


Strategic Vision vol. 7, no. 36 (February, 2018)

Taiwan’s security architecture must evolve to meet growing cyber-threats


Yu-min Chang

ROC President Tsai Ing-wen, seen here speaking at a defense industry meeting, has taken a number of steps to strengthen Taiwan’s national defense.

photo: ROC Presidential Office

In response to globalization and informatization, governments and enterprises heavily rely on the Internet for online management and service in cyberspace, and for remote and online management of their critical infrastructure. Therefore, cyberspace has become a critical dimension that terrorist organizations utilize to attack target countries and people. This form of cyber-attack can cause greater damage than a traditional attack given that its stealth characteristics and the power of networkwide influence easily penetrate the wall of traditional national security. Therefore, improving the capabilities of cyber-security is a critical priority for Taiwan’s national security.

In 2015, Chinese President Xi Jinping visited the United States and discussed an agreement to manage cyber-weapons. The degree of importance the two countries placed on limiting cyber-attacks against critical infrastructure was similar to agreements which limit the use of biochemical and nuclear weapons. Both China and the United States promised not to use cyber-weapons to paralyze each other’s critical infrastructure during peacetime. Vikram Singh, former deputy assistant secretary of defense for South and Southeast Asia at the Pentagon, noted that this agreement was the first time that cyberspace had been treated as a strategic issue, similar to biochemical and nuclear weapons. This agreement was aimed at preventing attacks on power plants, banking systems, communication networks, and medical institutions.

Hacked and invaded

In October 2017, North Korean cyber-forces infiltrated South Korea's Ministry of National Defense and obtained contingency plans for capturing North Korean President Kim Jong Un. Rhee Cheol-hee, a member of the South Korean government's parliamentary defense committee, revealed that the Defense Integrated Data Center in South Korea had been hacked and invaded, and 235 gigabytes of data was stolen in September 2016. Among this stolen data, 226 class-2 and 42 class-3 military confidential files were compromised. In addition, 295 confidential files were also stolen.

Virtual simulation tools on display at the 2016 Air Force Information and Cyber Technology Conference

photo: Melanie Cox

Furthermore, OPLAN 5015, the key military plan for the defense of South Korea, was also compromised. This plan includes detailed information on potential decapitation operations against top North Korean leaders, which encompasses identifying and monitoring the movement and locations of Kim Jong Un, the method of blocking the safe houses of North Korea's top echelons, air raid operations, and the four steps of reunification after capturing and removing these top leaders. In addition, data related to critical infrastructure and details of military meetings between South Korean Armed Forces and the US military regarding operations of United Freedom Guardian were also stolen. This not only jeopardizes potential operations against North Korea, but also makes South Korea more vulnerable to new threats and provocations from the north.

In view of these attacks, it is increasingly clear that the lack of global coordination in law enforcement to combat cyber-crime will lead to an increasingly dangerous cyber environment. As networks between criminals, terrorists and some governments deepen, governments and the public will be put at an ever-greater risk, which will negatively impact economic development, as well as public safety and well-being.

High-level threat

Robert Mueller, former director of the FBI, has predicted that threats in cyberspace and maintaining cyber-security will become the highest level of national security in the next few years, given it is already used for terrorist activities. Terrorist organizations are expected to increase their use of cyber-attacks, which will necessitate further cooperation in international cyber-security.

Experts in the national security and anti-terrorism fields have studied the characteristics of cyber-threats and identified six attributes and threats. The first type of threat comes from unitary actors: individuals working alone have a wide range of motivations, which include personal financial gain as well as political, social, or religious motivation. A skilled hacker can launch remote attacks and hide his true identity and location.

Impossible to detect

A second challenging aspect of cyber-threats is that they are nearly invisible. For anti-terrorist organizations such as the police and intelligence agencies, this kind of action is almost impossible to detect and therefore pursue. The motivation is also difficult to discern. The difficulties of investigating crimes in cyberspace are akin to finding a needle in a haystack. Hackers use backdoor methods to infect computer systems and then implant malware, after which they can quietly achieve their objectives. Given that malicious programs update quickly, it is difficult for anyone to detect and prevent these attacks.

The third challenge of cyber-security is that of shifting ideologies and motivations among groups which conduct cyber-attacks. Cyber-criminals, hacker groups, and terrorist networks often have multiple ideologies and varied motivations. Therefore it is difficult to determine what other criminal or terrorist groups they may be connected with.


A further challenge for national security agencies and law enforcement is the difficulty in characterizing threat groups. The difference between hackers and terrorists is sometimes difficult to distinguish. The character and motivations of hacker groups and terrorists are often uncertain given the lack of information available on these groups.

Continual threat

Crews at Joint Base Elmendorf Richardson clear snow from the flight line as a C-5 Galaxy looms in the background.

photo: Alejandro Pena

Another attribute of cyber-threats is that they are conducted on a continual basis. Automated attacks provide a persistent threat. This presents a challenge to fixing systems that have crashed because they are not able to reload and fix the crash.

Soldiers enter camp at the ROC Army’s Taitung Regional Command Battalion after the completion of a combat exercise.

photo: Xuán shisheng

Finally, cyber-criminals and hackers belong to a sub-community where technology and hacking resources are shared and disseminated. This subgroup can draw in less committed hackers and expose them to a process of radicalization, where they are drawn deeper into the hacker community and mentality.


The above characteristics make it difficult for intelligence organizations to collect information on perpetrators and create a clear view of the larger problem. Advance warning is difficult, and often impossible, to provide, and the actions of hackers are also difficult to detect. Faced with such a difficult threat, most nations need to do much more to increase their security.

The People’s Republic of China (PRC) has a highly developed system of hackers and cyber specialists. China is aggressively targeting military, political, technological, and industrial targets in other countries. Similarly, China has also achieved success in exploiting Taiwan’s networks. In particular, China has been successful against Taiwan by exploiting social engineering. This has enabled PRC cyber operatives to install viruses which have the ability to paralyze key networks in Taiwan, thereby causing a direct threat to government and civilian safety.

The PRC takes its own cyber-security very seriously. In 2016, the Cyber-security Law of the People’s Republic of China was passed, and it went into effect on 1 June, 2017. This law not only regulates the leading agency of development and management of the technologies and activities in cyberspace but also requires relevant units to coordinate with the leading agency. These units are authorized to adopt proper and necessary measures to prevent crimes in cyberspace. Although this law has been criticized for violating personal privacy and civil liberties in China, Beijing’s proactive actions to maintain control over security in cyberspace offer valuable points for consideration.

Appropriate response

The government in Taiwan must urgently formulate an appropriate response to manage cyberspace and to maintain the nation’s cyber-security. Unlike in China, a unified and integrated law and mechanism for managing cyberspace and maintaining cyber-security is absent in Taiwan. The top guiding organization in Taiwan is the National Information and Communication Security Taskforce, which is formed by relevant units and operates as a committee. However, the regulating rules of this committee are lower than laws and regulations. Therefore, the decisions of this committee are difficult to put into effect given that departmental rivalry and selfishness are generally factors in most government agencies. Therefore, a more authoritative set of laws is necessary to solve the problem.

Given that the National Security Act is the top document that standardizes national security laws, it is important to incorporate mechanisms for maintaining cyber-security into this law. The potential damage from cyberspace is too great to ignore since numerous intrusion activities have occurred, and the rate of them is increasing. It is fair to say that the National Security Act requires further refinement to combat cyber-terrorism and potential harm caused by cyber-attacks. In order to enhance the coverage of the Act, four additional steps should be implemented. First, include measures for a greater focus on anti-terrorism and intelligence work in the act. Second, strengthen overall national management of cyberspace. Third, include cyber-security in the National Security Act. And fourth, establish an agency to deal with cyber-security. By taking these steps, Taipei will be better able to meet growing cyber-threats from the PRC.

The US Army’s Cyber Center of Excellence, Fort Gordon in Augusta, Georgia, hosts a multi-service NetWar to build cyber Warrior capabilities.

photo: Tracy Smith

Dr. Yu-min Chang is a Lecturer at the Taiwan Police College. He can be reached for comment at chang0302@gmail.com
