The Taiwan Computer Network Crisis Response and Coordination Center (TWCERT/CC) held its first enterprise information security exercise today (August 10th). Minister Audrey Tang teamed up with colleagues from the Ministry of Digital Affairs (moda) and the National Institute for Cyber Security (NICS) to participate in the exercise and to practice hacking and defense with 10 private enterprise cybersecurity teams. Through practical actions, it conveyed the importance of cybersecurity protection to enterprises and demonstrated the support and commitment of senior management to information security protection, which is the cornerstone of ensuring the security of corporate information.
In order to enhance the ability of enterprises to detect and respond to hackers in an instant manner, and to build a strong cybersecurity joint defense fortress in Taiwan, the Ministry of Information Technology (MIT) instructed the TWCERT/CC to plan and organize Cyber Drill based on the experience of participating in the Asia Pacific Computer Emergency Response Team (APCERT) in the past years, the moda said.
It was the first time that the TWCERT/CC organized the "Cyber Drill 2023". The TWCERT/CC invited five high-tech companies, including ASE, Delta Electronics, Zyxel Communications, ASUS, and WNC, as well as the five major telecommunications companies, including Chunghwa Telecom, Taiwan Mobile, Far EasTone, Taiwan Star, and Asia Pacific Telecom, to participate in the exercise. It simulated hackers' infiltration through social engineering, and the teams were required to utilize the limited information provided during the event to detect the traces of the hackers, conduct contingency management and block the hacker attacks to ensure the continuous operation of their information and communications systems. Minister Tang also participated in the event with a team of colleagues from the moda and the NICS, and exchanged views with the teams of private enterprises.
Through this event, the moda hopes that the teams could gain experience in security attacks and defenses, and be more confident when facing the ever-changing security threats. It is not effective to deal with cybersecurity incidents through partnerless cybersecurity protection. In order to encourage enterprises to participate in cybersecurity exercises, TWCERT / CC is expected to hold another cybersecurity exercise in the fourth quarter. Interested enterprises are welcome to register as soon as possible, the moda said.
The moda pointed out that due to geographic and political factors, cybersecurity issues are of utmost importance to national security in Taiwan. Based on the national policy of "information security is national security", the moda has been actively promoting the introduction of Zero Trust Architecture and the Cross-Authority Data Transmission Specialized Channel (T-Road) in the public sector since its establishment last year. Also, the moda has been counseling Critical Infrastructure (CI) providers to strengthen the resilience and the capability of cybersecurity in accordance with the Information and Communications Security Management Act (ICMA).
In order to assist private enterprises other than those regulated by the ICMA to enhance their cybersecurity protection capacity, the moda has continuously subsidized the Taiwan Network Information Center (TWNIC) through its science and technology program funding to operate the TWCERT/CC. The TWCERT/CC serves as Taiwan's point of contact for international cybersecurity organizations, integrates the resources of both domestic and foreign cybersecurity organizations, raises private enterprises’ awareness of cybersecurity, and enhances their capacity. It also provides enterprises with free and first-hand information on domestic and foreign cybersecurity. If a cybersecurity incident occurs, the enterprise can notify the TWCERT/CC, consult with it for free, and ask for assistance.