Extent of Taiwanese government data breaches still unknown to public: Former NSC official

19-May-2020 Intellasia | TaiwanNews | 6:02 AM Print This Post

In the wake of recent cyberattacks on Taiwan’s major oil refineries and Presidential Office, a former National Security Council (NSC) official and banker voiced concerns over the perennial problem of lax cybersecurity at different government institutions, adding that “there are more data breaches yet to be made known to the public.”

Taiwan’s Presidential Office was allegedly hacked, and minutes from meetings of unclear authenticity were sent to reporters, including discussions about how to deter President Tsai Ing-wen’s rival William Lai in the 2019 party primary and mentions of a possible power play between Tsai and Premier Su Tseng-chang.

Enoch Wu, a former Goldman Sachs managing director who worked on Taiwan’s NSC from 2017 to 2019, expressed his view Sunday (May 17) on the alleged security hack at the Presidential Office. He said that having served as an advisor to the NSC, he is agonisingly aware of “a lot” of data breaches at Taiwanese government agencies over the past few years that have not been made known to the public.

“Despite endless government insistence that ‘information security is national security,’ the attacks have never been effectively subdued and nearly all the core government units have been infiltrated,” said Wu, adding that “the damages are difficult to assess because government agency networks are connected.”

“Every time a data breach occurs, each agency seeks external help to ‘clean up’ office desktops and network servers and that’s the end, while it needs to be addressed properly to avoid the attacks from happening again and again.”

He attributed the frequent breaches to three phenomena: role or function ambiguity in the field of cybersecurity, which ends up with no one really in charge; reliance on third parties for maintaining security networks; and poor security awareness and practices between government officials, which altogether create many loopholes for hackers.

Wu suggested that the president should create a post for a chief cybersecurity officer who would be responsible for protecting information networks and have the authority to coordinate working parties in effectively addressing challenges. Furthermore, he recommends that the central government develop a cloud-based, centralised and secured solution for local governments to endure systematic attacks as well as keep security networks up to date with all the work done in-house.

Lastly, according to Wu, many high-level officials store sensitive documents on personal devices and rely on LINE, Telegram, and Signal to communicate with each other. Wu urged all government employees to stick to security protocols and avoid handling confidential information outside the office.



Category: Taiwan

Print This Post

Comments are closed.