Cyber-security is one of those topics most people are vaguely aware of, but which many believe does not really affect them. But a number of recent developments have suggested that the risk of cyber attacks in Taiwan are very real, and it is not just businesses and government bodies which need to be taking steps to protect themselves, but individuals too.
Last week, the Democratic Progressive Party's (DPP) official website was temporarily taken down by a Chinese hacker only identified as "Q." The hacker replaced the site with a derogatory message against Taiwanese citizens and also threatened to attack the Kuomintang (KMT) website next.
Was this a one-off attack by a lone-wolf hacker? It seems highly unlikely given what we know about the Chinese Communist Party’s use of cyber-attacks to try and assert their political ideology and policies, both domestically and, increasingly, internationally as well.
The notion that this attack was state-sponsored seems to be supported by comments made recently by a spokesperson for President Tsai Ing-wen (蔡英文) to the Financial Times of London.
The unnamed official described Taiwan as being "on the front lines of cyber warfare, with [Chinese] hackers trying to steal information and spreading fake news to create dissent in Taiwan society."
They also warned of the likelihood of a sharp increase in cyber-attacks on Taiwan in the run-up to this year’s elections and all the way through to the 2020 Presidential Election. “Taiwan will become a global hotspot for cyber-attacks and fake news,” they rather grimly predicted.
How Chinese hackers threaten Taiwan's elections
Grim maybe, but the comment is likely to be a prescient one. The overwhelming majority of recent cyber-attacks on Taiwan have originated in China, with one figure putting the numbers as high as 40 million a month. And it is no coincidence that these numbers have skyrocketed since the election of Tsai Ing-wen and her DPP administration.
Learning from their allies in Russia, experts are increasingly certain that the CCP plans to use their army of state-funded hackers to try and disrupt the upcoming elections in Taiwan and ensure that their preferred candidates (those representing the pro-China KMT) win wherever possible.
There has been much coverage in recent months about how much impact Russia’s cyber-army had in the most recent US Presidential election. The general consensus seems to be that it was significant. China will be certain it can have an even more profound impact on the forthcoming elections in Taiwan.
There are already instances where the spreading of fake news has directly impacted Taiwanese voters. For instance, last year’s public outrage over a supposed plan to ban incense in temples in Taiwan, which saw people taking to the streets in protest, was an entirely false story which originated in China. Yet it provoked public anger against the DPP Administration and also appeared to back up the false CCP narrative that Taiwan is trying to erase its Chinese cultural heritage.
The Taiwanese Government needs to have a strategy in place to tackle the spread of this kind of fake news and ensure that the public is fully aware that the CCP is using this strategy to try and subvert Taiwan’s hard-earned democracy.
The threat to National Infrastructure
But there is also a very serious and tangible risk presented by Chinese hacking too. Because the fact is that almost all of Taiwan’s critical national infrastructure is susceptible to such attacks.
Hackers could theoretically shut down power stations, interfere with communications, disrupt Taiwanese banking and financial systems, and adversely affect many aspects of everyday life in Taiwan. And when such a failure happens, who is likely to take the blame? A faceless Chinese hacker or the Taiwanese Government that failed to prevent the attack?
The answer is the latter on almost every occasion and such actions would have an obvious knock-on effect in any forthcoming election.
So, what steps can the Taiwanese Government take to try and protect Taiwan from such attacks? The first thing that should be done in a phased removal of any Chinese-manufactured hardware and software from all public agencies and companies involved in Taiwan’s critical national infrastructure.
The revelation last year that the Chinese Military had access to Taiwan’s E-Gate system, is just one example of the potential threat such technology poses. There will be plenty more examples of such technology which, in all likelihood, includes vulnerabilities that CCP hackers can exploit. A phased program which removes such technology is vital for Taiwan’s national security.
A review of the Government’s cyber-security policies and data protection practices is also needed, with high standards introduced across the entire public sector. These requirements should also extend to any private organization which works alongside Government on any project deemed to be critical to Taiwan’s national infrastructure.
How people in Taiwan can protect themselves
But this is not a problem the Government can solve on its own through regulation.
There is also an urgent need for a public information campaign to inform Taiwanese businesses and individuals of the potential risks posed by cyber-attacks and the steps that they should take to protect themselves.
Because individuals living in Taiwan are just as vulnerable to Chinese hackers as state agencies and corporate organizations are.
It would be naïve to think that the CCP was not seeking to monitor Taiwanese citizen’s online. They remain confident that Taiwan will become part again and will already be planning to quell the inevitable dissent they would face when it does.
They are likely to already be gathering intelligence on those likely to actively resist any Chinese occupation or question their claims to sovereignty.
Hackers are also likely to be targeting individuals with a view to planting malware, compromising social media sites, and even stealing confidential or financial information.
Individual targeting is not something the Government can tackle, so it is the responsibility of individuals to protect themselves. There are a number of ways you can do this.
Always ensure that your software is updated with the latest security patches to fix any potential vulnerabilities in the software and hardware you are using.
Make sure that you are using strong passwords on all of your online accounts. To help you keep track of these, sign up for a password manager, such as LastPass, to help you.
Avoid using Chinese apps such as WeChat. All Chinese social media sites assist the CCP in their online surveillance programs and there is no reason to think this activity is restricted to China alone. Any information you share on these platforms is likely to be available to the CCP and the software may even be providing them with a route to access anything else on your cellphone, tablet, or computer too.
It is also a good idea to avoid using smartphones from Chinese manufacturers for the same reasons. Stick to manufacturers like HTC, Samsung, Apple and which you can be pretty sure have no hidden political motives in Taiwan.
And perhaps most importantly, all Taiwanese people should invest in a VPN. This simple security and privacy tool costs just a few NT$ a month but offers a whole raft of benefits. It encrypts everything you do online, hides your online identity, and even keeps your data safe when using vulnerable public Wi-Fi or 4G networks.
Cybersecurity may seem like an issue which does not affect you. But the reality in Taiwan is that there is a growing threat from neighboring China that has the potential to affect everyone. And while the Government has a responsibility to take steps to protect the country, individual internet users also have a responsibility to try and keep themselves protected too.