2023.08 The Taiwan Banker NO.164 / By Hank Huang (黃崇哲)
Taiwan and the US deepen their joint cybersecurity defenseEditor's Note
Four months before the March 2011 earthquake in Japan, the Fukushima nuclear power plant conducted a comprehensive disaster prevention training exercise in accordance with the Act on Special Measures Against Nuclear Disasters. Several months later, this drill guided follow-up work for the employees of Fukushima. It also reduced hesitation when disaster struck, minimizing losses to the extent possible. A disaster mindset is critical, especially with the advent of fintech. Data utilization and cloud migration have become essential for the next stage of development, yet cybersecurity challenges show no sign of receding. Even as innovation provides more convenience, it also exposes consumer information and institutional assets to ever more online hazards. These risks are diverse, ranging from individual hackers trying to steal account passwords, to terrorist groups aiming to destabilize financial markets. Each of these threats require comprehensive identification, protection, detection, response, and recovery. In Taiwan, due to its geopolitical situation, hackers may provoke troubles or hide bugs from time to time, waiting for the right moment. In response, we need more drills on preparation and incident response. On this note, TABF co-hosted the Taiwan-US Financial Security Forum at the end of June with the American Institute in Taiwan (AIT). Three experts from the Office of Cyber Security and Critical Infrastructure Protection (OCCIP) of the US Department of the Treasury were invited shared the US experience. The event also created the opportunity to bring together financial and cybersecurity sector executives in Taiwan to communicate with the US. The main function of OCCIP is to coordinate and integrate the financial security capabilities of the US public and private sectors, and seek best practices in response to threats. In 2020, OCCIP assisted the G-7 to release the G-7 Fundamental Elements of Cyber Exercise Programmes, which provides a guide to tasks during offensive and defensive network drills. International institutions such as OCCIP can be of great assistance to help Taiwanese financial institutions rehearse threat scenarios. This kind of Taiwan-US cooperation has also been personally attended and affirmed by President Tsai Ying-Wen, who has long emphasized that “national security is cybersecurity.” In addition to establishing the Ministry of Digital Affairs and the National Information Security Research Institute, the president has also continued to promote related international cooperation. For example, in 2022, Taiwan became a member of the US Forum of Incident Response and Security Teams (FIRST), and the administration has signed MOUs with financial security organizations in many countries, established cooperation channels, and further expanded international cooperation for Taiwan’s financial security. Although improving Taiwan’s cybersecurity will be a big job, security measures will help protect banks, credit customers, and depositors, making them an important asset for banks. Disasters often have warnings, but only for those who are well-prepared. It is great to see the teams from Taiwan and the US start a dialogue, exchanging thinking on risk awareness and incident response. In addition to hot war military drills, I also look forward to Taiwan and the US starting to plan joint drills to improve the ability of the industry to handle security risks. It will be better if we can make use of Taiwan's own cybersecurity industry. However, before doing these drills, financial executives must first pay attention to the salaries and levels of cybersecurity personnel, laying a foundation for other preparations.