TAIPEI (Taiwan News) — The Digital Taiwan Roundtable (台灣數位科技與政策協進會) held an event on Tuesday (Oct. 1) to draw attention to cybersecurity and its impact on business enterprises and national security.

Digital Roundtable Founding President Luis Ko (高志明) opened the forum by saying that cybersecurity is not just an issue for Taiwan but all countries. He said, “Cybersecurity attacks can come from different countries, and all businesses must assess weaknesses and vulnerabilities." 

The event was co-organized by the Information Service Industry Association of R.O.C. (CISA) and the Taiwan Chief Information Security Officer Alliance (CISO).

Ko said he met with US drone technology experts, who admitted their industry has security weaknesses that can be exploited. “We can’t solve all our problems just by hosting a few forums about cybersecurity and national security, but we can learn about the problems businesses are experiencing," he said. 

“Everything may seem fine now, but we still have to defend against cyber security attacks," Ko said. "If the government works hard to ensure cybersecurity, it will help all of our domestic industries.” 

Ko thanked everyone for attending the forum. He jokingly told the next speaker, National Security Council Senior Advisor Lee Yuh-jye (李育杰), not to reveal national secrets. 

Cybersecurity vital to national security

Lee addressed the seriousness of cybersecurity and its potential to impact national security, global trade, finance, and IT infrastructure. He said the subject is important for Taiwan, described by The Economist as “the most dangerous place in the world." 

Lee said, “Taiwan experiences a lot of threats. Everyone thinks these attacks are from China, but they can come from many different places." The rise of AI has led to more fake news and disinformation that can easily spread through social media platforms.

To prepare for a future where hackers and cybercriminals are around every corner, Lee referred to US President Joe Biden’s executive order on improving US cybersecurity, which said “incremental changes cannot cope with urgent crises.” Lee agreed with the statement and urged Taiwan’s government to make bold, significant investments to promote cybersecurity.

“We are in an era of open data and transparency, and you can easily find all of the companies involved in the supply chain for the government," Lee said. Whether hardware or software, suppliers need to be trusted through 'security by design' or special requirements. 

Lee said cybersecurity has become so challenging that products or services certified “secure” are not necessarily secure. 

Four pillars of trust

Lee said to examine the subject's importance, there are four pillars of cybersecurity trust: “security defense resilience,” “homeland and critical infrastructure,” “key sectors and supply chain,” and “AI applications and security.”

Concerning “security defense resilience,” Lee said it is vital for businesses to screen incoming employees and retain talent. “We simply cannot let everyone in. We have to discuss career paths for young people to entice them to join us and earn higher salaries.”

Lee said many companies do not dedicate enough resources to cybersecurity. For example, he met with Taipower officials who felt they lacked the resources to enhance information security. However, Lee said disrupting Taiwan’s most important power supplier can have devastating consequences.

“It is difficult for them to do cybersecurity because they have a small group dedicated to this task. It’s not that they don’t want to do it but they do not have the right resources," Lee said. "I believe there are opportunities to invest in businesses that can assist such companies with cybersecurity.” 

However, Lee said bringing in an outside firm to help with cybersecurity exposes companies to risks, such as the provider's trustworthiness. Furthermore, many private companies believe such investments will not earn them profits. 

Regarding “AI applications and security,” Lee said Chat GPT has led to the spread of disinformation. He said, “The biggest risk of AI is that it can be wrong."

Regarding another pillar of trust, “key sectors and supply chain,” Lee compared cybersecurity to wearing a mask during the pandemic. “If you wear a mask you can avoid basic hackers and cybersecurity attacks, but different organizations may have advanced security concerns and needs," he said. 

For example, Lee said quantum computing will make passwords and cryptography obsolete in the following decades. While many companies will not require such advanced protection, post-quantum cryptography (PQC) and migration are key to many businesses and organizations.

Lee said Taiwan has attracted international attention from foreign organizations willing to upgrade cybersecurity. He believes the best cyber security plan involves cross-pillar public-private partnerships. 

Business enterprises' concerns

After Lee's remarks, business representatives expressed concerns about cybersecurity and its potential costs. Many hoped the government could lead in offering guidance to businesses about cybersecurity compliance required by foreign firms and improving vulnerabilities and weaknesses. 

Cybersecurity is a major supply chain issue, with international companies requiring Taiwanese firms to comply with “security by design” and component traceability. Such requirements can earn suppliers lucrative international contracts, though cybersecurity certifications, such as Cybersecurity Maturity Model Certification (CMMC) required by the US government, may not be worth the investment. 

Another roundtable participant said that spending NT$1 million (US$31,350) is not a big cost for the government but something few businesses will pay. Even NT$20,000 may be too much for Taiwanese companies. 

Taiwan SMEs face pressing challenges such as survival, rather than potential weaknesses or vulnerabilities hackers can exploit. As a result, Taiwan’s cybersecurity infrastructure may be underdeveloped and vulnerable.

Ko said Taiwan restricts businesses in other areas such as drone production. He noted that drones cannot be freely flown and tested for extreme weather conditions in Taiwan due to government flight restrictions. 

Ko suggested that drone technology be transferred to land-based robot dogs. He noted that many of the controllers and GPS systems used in drones could be applied to robot dogs, which do not violate government restrictions during land-based testing. 

Ko’s example showed the creativity of Taiwanese enterprises, choosing to turn obstacles or challenges into new opportunities.