Taiwan faces political, economic and military coercion from the Chinese Communist Party (CCP) amid a significant increase in cyberattacks on government agencies, according to Taiwan Premier Su Tseng-chang. The completeness of security and protection of agencies has recently attracted public attention.
ROC Ministry of Defense confirms cyber attack from Beijing
The Ministry of Defense of the Republic of China (ROC), Taiwan, held a press conference on Tuesday confirming that the Chinese Communist Party (CCP) has launched cognitive warfare and cyber warfare in addition to military exercises. Attack on key global information websites in Taiwan.
The Defense Department’s official website was hacked on March 3rd. According to a search by the ministry’s response team, the website was flooded with connection requests from multiple suspicious computer IP addresses simultaneously, causing network traffic to exceed the limit and making the website inaccessible.
According to the ROC Political Warfare Bureau, the CCP launched a cognitive war ahead of its military drills. From August 1 to 8, a total of 272 controversial messages were copied and distributed to call for “unity with force” and undermine the ROC government’s authority.
Speaking about the CCP’s cognitive warfare, Chen Yu-lin, deputy director of the Bureau of Political Warfare, pointed out that with the rapid development of online communities and media, the style of warfare is changing greatly from before have.
Cognitive warfare in particular is disrupting society’s existing networks and making it difficult to have a decisive impact on the battlefield, she said.
The Department of Defense urged the public not to ignore controversial messages.
Numerous cyber attacks launched abroad
The Presidential Office of the ROC, Department of State, Department of National Defense and other agencies have all experienced Level 1 information security incidents recently. Government agencies and critical infrastructure websites have been targeted by foreign forces in distributed denial-of-service (DDoS) attacks.
A DDoS attack on a website is like a busy line, Digital Minister Audrey Tang, Taiwan’s first minister of digital affairs, told Liberty Times Net on Aug. 7.
“If a large number of cross-border calls from abroad are going to a certain line at once, it’s impossible to dial in,” she said. “In fact, the phone line has not been cut and no government information has been leaked.”
Tang said the critical infrastructure related to government agency websites is now well protected and such hacking is intended to induce psychological panic among the public. Digital websites are currently testing a distributed architecture based on Web3, which is asymmetric and has not been subject to recent DDoS attacks. If successful, it will be extended to all government departments and commissions. In the future, the applicable limits of the Web3 architecture and national laws will be determined for international operators; corresponding guidelines for step-by-step implementation will also be drawn up.
ROC government agency official websites have witnessed repeated cyberattacks from overseas, peaking on Aug. 2, 23 times the previous daily high. Audrey Tang confirmed on August 11 that (the government) continued to monitor the network attack situation.
According to statistics from the Taiwan Network Information Center (TWNIC), in the period from August 2 to 3, the maximum query volume of national top-level network domain DNS was about 85,000 times per second, including malicious attack traffic for 75 percent of the whole. Source are mainly cloud operators from the USA and China.
IThome, a Taiwanese news outlet, revealed that even after Nancy Pelosi left Taiwan, the CCP’s cyber attacks did not stop. For example, on August 6th, 7th, 8th and 10th, FTV News was attacked by DDoS. FTV’s live YouTube program was compromised by hackers on August 6th. The homepage of the official website of National Taiwan University’s Academic Affairs Office and R&D Office was replaced by hackers on August 7, with the words “There is only one China” and “China, not even a bit can left behind” appearing appeared on the homepage with a red background.
In terms of fake news, the most notable was the fake by the well-known hacker group “APT 27”, which claimed they had hacked into the systems of key departments in Taiwan and owned the “zero time difference loophole” of 200,000 IoT devices, which was enough to launch cyber attacks and shake Taiwan.
Despite the apparent simplicity of these cyberattacks, experts advise continued vigilance. Schee Tzu-han, a tech entrepreneur who has advised the Taipei government on digital issues, told The Wall Street Journal Aug. 10 that the low-tech attacks are actually gathering information about Taiwan’s cyber defenses for the next attack could.
Alastair MacGibbon, chief strategy officer at Australian cybersecurity firm CyberCX, echoed Schee’s view, saying he was not concerned about high-profile attacks on Taiwan’s government websites, but rather the extent to which the CCP may have infiltrated so-called “core systems.” like supply chain systems.
TV walls attacked
The CCP’s cyber army attacked several public TV walls in train stations and supermarkets in Taiwan to broadcast slogans such as “Pelosi, the warmonger, get out of Taiwan” and “Great China is finally being reunited.” It was later revealed by lawmakers that the software used by TSRC TV was that of Colorlight, a Chinese company.
The ROC’s Executive Yuan (a branch of government) adopted the principle of restricting the use of products that endanger the security of national information and communications in April 2019, restricting the use of Huawei and Hikvision products by government agencies, Hsu said Kuang-tse, a researcher at the Economic Democracy Union, a Taiwanese non-governmental organization. The Executive Yuan also sent a letter urging all government agencies not to use Chinese brands in their ICT products and not to associate them with government work, and urged them to replace their use or purchase Chinese brands until to be discontinued at the end of 2021.
Hsu said banning the use of Chinese-branded ICT products by government agencies is a trend in democratic countries and should have been strictly enforced by the Executive Yuan. However, the failure to effectively implement the policy was clearly reflected in the recent TV Wall incident.
Hsu demanded that the Executive Yuan submit a comprehensive audit report on the use of Chinese communications products by public entities, including outsourced contractors and advertisers, and proposed a list of penalties for non-compliance before the Legislative Yuan meets.
Audrey Tang said that the television wall incident is mainly information and psychological warfare, the purpose of which is to incite public panic. Although TV wall hacking does not imply an information security crisis, it should be considered a tactic in mixed warfare.
Responding to the information security vulnerabilities in this cyber attack, the Executive Yuan said it has started revising the policy on restricting the use of products that threaten national information security by various agencies, and that security-threatening information products or services will not be used could appear on electronic screens in public areas in the future, including central government, local governments, management companies, public institutions, Taiwan Railway, High Speed Rail, MRT, etc.
Proposed exercises on financial warfare: Taiwan Think Tank
With regard to the normalization of the CCP’s military exercises, Taiwan’s director of the Financial Research and Education Institute, Dr. Hank CC Huang, conducting simulated military exercises to deal with financial warfare. Financial war drills, including financial stress tests, conducted by the Ministry of Finance and the Ministry of National Security are called “financial Han Kwang exercises” in Taiwan and generally refer to a nationwide military exercise in which the CCP army used the imaginary enemy is.
Wang Ping, an academic at Taiwan’s Academia Sinica, said Aug. 9 that rising cross-strait tensions are having a major impact on Taiwan’s industry.
“Although the financial sector has no problems with the production chain, security is more important,” he said. “The financial sector should conduct a full risk assessment in advance and conduct financial warfare exercises.”
The main goal of the company is to provide the public with a comprehensive range of products and services. An official with the ROC Financial Supervision Commission pointed out that the commission has introduced individual and comprehensive prudent supervision of the financial industry.
“[We] monitored the risks at all times,” he said.
The Ministry of Finance activated the Information Security Alert Response Team and mobilized the eight major public banks, Taiwan’s tobacco and liquor companies, customs and trade, and other business institutions to regularly check their websites for signs of hacking.
Wang Jian-an, associate professor of finance at National Chi Nan University, said in an op-ed published in the United Daily News that traditional bank stress tests and financial oversight to some extent ignore operational risk.
“With the increasing possibility of military conflict, a national security financial stabilization program should be proposed to maintain the basic functioning of society,” he said.