Taiwanese officials are being targeted by phishing emails and texts as part of a week-long simulated cyber-war event billed as the first of its kind. The local government is co-hosting the tests with the American Institute in Taiwan, which represents US interests on the island. AIT said the focus was threats posed by “North Korea and other actors”.
But Taiwan has previously said that most of the cyberattacks it experiences come from mainland China. “Dealing with such attacks is like fighting a battle every day,” a Taiwanese official said last month. The exercises are set to run until Friday and will involve attempts to hack into government websites by fooling workers into accepting malicious communications. Private companies will also be challenged.
“For Taiwan, mainland China is viewed as one of the main sources of cyber-attacks on the island,” commented Veerle Nouwens from the UK-based Royal United Services Institute for Defence and Security Studies. “The Director-General of Taiwan’s Cyber Security Agency has been quoted as saying that the Taiwanese Government’s networks receive an estimated 30 million attacks a month, about half of which are suspected to come from China.
“However, irrespective of the originating country, strengthening cyber-security is increasingly a top priority for any government or private sector company.”
The Cyber Offensive and Defensive Exercises (Code) were officially launched by the AIT’s acting director, Raymond Greene, at an event hosted by Microsoft. He described the tests as marking a “new frontier” in cyber-co-operation between Washington and Taipei. “The biggest threats today are not troops landing on the beach but efforts by malign actors to use the openness of our societies and networks against us,” said Mr Greene.
“In many ways, cyber-threats are the most significant risk affecting all of us.” He added that attackers were seeking to undermine elections, compromise critical infrastructure and cripple financial trade. Officials from other countries, including Australia, Indonesia and Japan, are also taking part to challenge Taiwan’s defences.
The Code drills are based on a separate US-led international computer-attack simulation known as the Cyber Storm exercises, which are held every other year. According to the Global Taiwan Institute, the island had repeatedly asked to be involved in the last event in spring 2018 but was not invited to do so.
“The announcement that the United States is participating in Taiwan’s cyber-drills this year reflects the deepening of US-Taiwan security co-operation and dovetails other efforts under way between the United States and Japan to strengthen cyber-security co-operation,” blogged the US-based institute’s executive director, Russell Hsiao, last month.
AIT plans to follow up this week’s event with a “road show” in 2020, when it intends bring American cyber-security experts to Taiwan to host seminars at its science parks and other tech hubs. For its part, China has previously accused Taiwan of being involved in its own “infiltration and sabotage activities against the mainland”.