Taiwan's Cyber Infrastructure For Natural Disaster Response
How Taiwan Maintains Digital Connectivity During a National Crisis
Overview
The delicate balance of maintaining robust communication networks is tested most severely in the face of natural disasters. Taiwan, a nation sitting precariously on the tectonic Pacific "Ring of Fire," faced yet another test of resilience with the recent 7.2 earthquake, originating just off its east coast. Rescue efforts are still underway, as the country searches for missing people among the rubble of buildings and roads.
While the quake caused physical destruction and harm, it also presented a critical examination of the island's cyber infrastructure—a defense against not only the tremors of the earth but also the tremors of opportunistic cyber threats.
In the immediate aftermath of the earthquake, Taiwan's Ministry of Digital Affairs (moda) emerged as a beacon of preparation and forward-thinking. According to Reuters, the ministry, operational since 2022, reported that the nation's networks, especially internet services, remained largely unaffected, a testament to Taiwan’s commitment to digital resilience[1]. But this resilience does not exist in a vacuum. It stands vigil against the looming threat of cybercriminals who prey on the vulnerability of communities during such crises.
This article will provide a comprehensive analysis of Taiwan's cybersecurity infrastructure and its pivotal role in safeguarding communication, network connectivity, internet access, and the government’s strategies to not only preempt but actively counter cyber threats during the chaos of natural disasters.
Analysis
Cybercriminals Take Advantage of Crisis
The specter of cyber attacks in the aftermath of natural disasters is not unique to Taiwan. It is during such times that nations are most susceptible to cyber predators. Hackers, akin to digital marauders, exploit the disarray, targeting critical infrastructure with an onslaught of cyber assaults. This nefarious trend underscores a grim reality: cyber attacks often follow closely on the heels of natural disasters, looking to deepen the chaos already inflicted by nature itself.
The aftermath of such crises creates an environment of confusion and urgency that is ripe for exploitation by cyber predators. Hackers are known to launch ransomware attacks, leveraging the desperation of the situation to extort funds by holding essential services hostage. This could involve encrypting the data of hospitals, emergency response systems, or utilities, effectively paralyzing the recovery efforts and compounding the impact of the disaster.[2]
Unfortunately, this trend has been observed globally and is acutely relevant to Taiwan. Cloudflare Radar, an excellent source for nationwide internet traffic and attack data, reported a heightened volume of application and network attacks targeting Taiwan during the earthquake and its immediate aftermath.[3]
While Taiwan is regularly a top cyberattack target globally, it faced significant threats from attackers aiming to disrupt services by exploiting vulnerabilities in web applications during the time of the earthquake. Likewise, its network layer witnessed a similar spike in Distributed Denial of Service (DDoS) attacks, a type of cyber attack that floods a network or server with excessive traffic to overwhelm it and block legitimate users' access.
Taiwan, cognizant of this dual threat, has taken note of patterns observed internationally. For example, in the United States, states like Louisiana and Florida have witnessed an exponential increase in cyber attacks in the aftermath of hurricanes. This connection between physical disasters and spikes in cybercriminal activity has prompted Taiwan to take proactive measures to shield itself. The drills and simulations conducted as part of Operation Homeland Defender serve as an example of how seriously these threats are taken. The scenario involved a simulated earthquake followed by a cyber attack, precisely mirroring the sequence of events that could occur in reality. Such drills are essential in preparing the nation’s cybersecurity personnel to quickly differentiate between issues caused by physical damage and those resulting from malicious cyber activities.
Doug Howard from GovTech emphasizes the criticality of timely and accurate identification of the source of disruptions. If a water system fails after an earthquake, it might be hastily attributed to physical damage when, in reality, it could be a cyber attack aimed at taking advantage of the disaster. Recognizing and responding to the true cause of the failure is vital, as any delay could have catastrophic consequences, potentially costing lives.
By understanding the complex reality, Taiwan continues to build a responsive and dynamic cyber defense framework. This involves continuous monitoring, intelligence sharing, and real-time defense mechanism adjustments, which are all critical in mitigating the compounded chaos caused by cyber attacks in the vulnerable period following natural disasters. But how?
MODA
To contend with such multifaceted threats, the Taiwanese government has deployed a strategic three-part framework, as outlined by the Ministry of Digital Affairs (moda). Their approach is a comprehensive one, aiming to enhance the resilience of communication networks across land, sea, and air, to fortify network transmission protection, and to popularize the construction of broadband communication networks. These strategies are designed to ensure continuity of service, protect against the disruption of key infrastructures, and bridge the digital divide that can exacerbate vulnerabilities during emergencies[4].
Strategy 1
The first of their strategies aims to construct an effective emergency communication network that spans the land, sea, and air. This is a forward-thinking approach to address potential failures in commercial communication networks during emergencies. The idea is to develop a diverse and heterogeneous network that ensures continuity of communication for the general public, disaster relief systems, and government command systems. In practical terms, this involves enhancing the resilience of submarine cables, which are often the lifelines of global communication but are vulnerable to seismic activities. Additionally, implementing disaster roaming mechanisms can provide uninterrupted mobile services when regional networks falter. By establishing Public Protection and Disaster Relief (PPDR) communication systems and deploying asynchronous satellite emergency communication networks, Taiwan aspires to create a seamless communication experience, even when traditional networks are compromised.
Strategy 2
The second strategy focuses on reinforcing network transmission protection. Here, moda underscores the indispensable need to shield critical infrastructure within the communication and broadcasting sectors. The oversight extends to the development of CI protection plans and information security maintenance protocols. Preventive measures and rapid response systems are implemented to tackle a range of threats, from natural disasters to terrorist attacks and cybersecurity breaches. Through the National Cybersecurity and Communications Integration Center (NCCSC), the operational status of critical infrastructures is monitored in real-time. The center is crucial in cybersecurity defense, sharing valuable intelligence—amounting to hundreds of thousands of pieces of cybersecurity information—that aids public and private entities in bolstering their defenses against cyber intrusions.
Strategy 3
The third strategy is to democratize the reach of broadband communication networks. Recognizing the digital divide as a potential exacerbator of vulnerabilities during emergencies, moda pushes to popularize broadband access. The focus is not just on expanding coverage but also on enhancing the quality of these networks. The push towards a 5G infrastructure rollout exemplifies this, with subsidies provided to expand 5G coverage, even in remote areas, thus improving the national radio population coverage rate significantly. These efforts aim to create a more inclusive digital society where every citizen can access high-speed communication, an essential tool for information dissemination and emergency communication in today's connected world.
This triad of strategies laid out by moda forms the backbone of Taiwan's approach in the face of cyber threats compounded by natural disasters. They not only safeguard the existing digital infrastructure but also ensure equitable access to communication technologies across the nation. As Taiwan fortifies its cyber defenses through these comprehensive strategies, it sets a global benchmark for cyber resilience in the face of natural disasters, recognizing the integral role that communication networks play in both emergency response and societal stability.[5]
TWCERT
Crucial to these strategies is the recognition that the digital environment requires as much protection as the physical. As hackers' tactics evolve, so too must the defenses. The Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC), Taiwan's vanguard in cybersecurity reporting, response, and coordination, plays a pivotal role in protecting its cyber infrastructure, particularly in times when natural disasters amplify Taiwan's vulnerability to cyber attacks. As an aggregator and distributor of vital cybersecurity information, it serves Taiwan as the nation’s first line of defense. By tracking and analyzing cyber threat patterns, TWCERT provides timely warnings and advisories that are necessary for maintaining cyber hygiene and preparedness within critical infrastructure sectors. Recognizing the evolving nature of cyber threats, it has positioned itself as a central figure in the nation’s cyber defense, staying vigilant against an ever-changing threat landscape.
As central as it is, TWCERT has adapted to the evolving battlefield by forming alliances with private sector entities like the Taiwanese company Zyxel Communications Corporation. These partnerships not only enhance technical support but also solidify a collective defense system, bolstering Taiwan's self-defensive capacity in cybersecurity.
The alliance with Zyxel is emblematic of TWCERT’s strategy to bridge public and private cybersecurity efforts. Zyxel, with over two decades of experience in internet communication and cybersecurity, brings valuable expertise to the table. Such public-private partnerships are integral to Taiwan’s cybersecurity strategy, as they allow for sharing best practices, technology, and intelligence that enhance the overall security posture of the nation. Zyxel’s capabilities, especially in malware analysis and network security solutions, augment TWCERT's existing tools and resources, creating a synergistic effect in defending against cyber threats.[6]
These collaborative efforts provide a layered defense strategy, which is particularly beneficial during natural disasters when traditional communication lines may be compromised. By having a potent mechanism in place for cyber incident reporting and response, TWCERT, along with its partners, can quickly identify and address security incidents that could otherwise exacerbate the impact of a natural disaster.
For example, in the wake of an earthquake, if a cyber attack were to target emergency services or infrastructure like power and water systems, the rapid response facilitated by TWCERT could mean the difference between a quick recovery and a prolonged state of emergency.
Furthermore, TWCERT’s proactive measures, such as organizing cybersecurity drills and awareness campaigns, contribute to enhancing the maturing posture of Taiwan’s cyber infrastructure. These drills, often conducted in collaboration with various stakeholders, simulate cyber attacks during disaster scenarios, ensuring that both public and private sectors are prepared to respond effectively to real incidents. This preparedness is vital for minimizing the window of opportunity for cybercriminals looking to capitalize on the disruptions caused by natural disasters.
Resilience to Internet Outages
While moda and TWCERT have been instrumental in conceptualizing the protective measures, the practical aspects of internet resilience are underscored by instances of limited outages that demonstrate the hardiness of the existing infrastructure.
According to the Internet Society Pulse, the localized nature of the internet outages that did occur points to a hardened infrastructure that can withstand the immediate shocks of a natural disaster.
The key lies in the decentralized nature of Taiwan's internet architecture—characterized by multiple landing points and a network of submarine cables that skirt the island’s perimeter, as specified in moda’s Strategy 1 of its three-part framework. Such a design ensures that if one node is compromised, others can take over, thus maintaining the continuity of communication, which is crucial in the wake of a disaster.[7]
This outcome is not a product of chance but rather a result of deliberate planning and investment in a multifaceted internet infrastructure that anticipates and mitigates a range of disaster scenarios. By designing an infrastructure that distributes risk and avoids single points of failure, Taiwan has minimized the potential for widespread outages. This approach has paid dividends, as the limited outages have primarily affected the "last mile" of connectivity—localized areas closest to the consumers and furthest from the core of the network, often due to power losses rather than failures in the internet backbone itself.
Moreover, the resilience demonstrated by Taiwan can be seen in the swift restoration of services following the earthquake. Taiwan’s National Communications Commission (NCC) reported that while 172 base stations were affected, the disruptions were promptly managed, reflecting not just the fortitude of the infrastructure but also the efficiency and preparedness of response protocols in place.
Taiwan's ability to keep internet disruptions localized has far-reaching implications. As highlighted by instances from the past, such as the 2006 earthquake that severely impacted internet speeds across Asia due to damaged undersea cables, the implications of such outages can be regional or even global. The significant improvements in the design of the infrastructure since then have ensured that similar events now have minimal impact beyond Taiwan's borders.
Impact
However, the challenge remains significant. The Straits Times highlighted the complexities of Taiwan's situation—a delicate geopolitical stance and the looming threat of conflict that adds an additional layer of urgency to building digital resilience. The prospect of a total communications blackout is a scenario for which Taiwan is urgently preparing, considering both natural and human-made disasters. Plans to build a network of satellite receivers across the nation for redundancy in communications highlight the lengths to which Taiwan is willing to go to maintain its sovereignty and safety.[8]
In the context of crisis management and cybersecurity, Taiwan's approach is not merely reactive but profoundly proactive. Its leaders have dissected past incidents, drawing lessons and strategies to cope with the dual threats of nature's unpredictability and human malice. The establishment of robust, redundant communication pathways and the development of a collaborative public-private cybersecurity framework exemplify Taiwan's commitment to resilience in the face of adversity. In essence, the case of Taiwan's internet infrastructure goals serves as a benchmark for other nations vulnerable to natural disasters.
One vital area of potential international collaboration is with Australia. Given Taiwan's experience dealing with both natural and cyber threats, there is a substantial opportunity for Australia to enhance its cybersecurity capabilities through informal channels of cooperation. Despite the formal limitations imposed by the one-China policy, which restricts official governmental interactions, local governments and community organizations in Australia could leverage Taiwan’s extensive expertise in cybersecurity. This could include adapting Taiwan’s strategies for combating cyber threats and managing crisis situations, areas where Taiwan has demonstrated significant proficiency. Engaging with Taiwan on these fronts could greatly benefit Australia, helping to fortify its defenses against increasing cyber attacks while navigating the complex geopolitical landscape that influences such collaborations.[9]
Overall, Taiwan’s experience provides valuable lessons in the importance of proactive investment in infrastructure, the necessity of diversifying risk, and the critical nature of rapid response capabilities—all of which contribute to a nation's overall digital resilience in times of crisis.
CyberSec Taiwan