Minister of Digital Development Audrey Tang, right, answers lawmakers' questions at the legislature in Taipei yesterday alongside Premier Su Tseng-chang. Photo: Tien Yu-hua, Taipei Times
By Chen Cheng-yu and Liu Tzu-hsuan / Staff reporter, with staff writer
Taiwan should step up efforts to prevent hackers and cyberattacks through cultivation of a “red team” of testers, Minister of Digital Development Audrey Tang said at the legislature in Taipei yesterday.
During US House of Representatives Speaker Nancy Pelosi's visit to Taipei in August, many government agencies and private Web sites reported distributed denial of service (DDoS) attacks, while many convenience stores and infrastructure elements were hacked.
Saying that Taiwanese abhor cybercrime, independent Legislator Huang Kuo-shu (黄国书) asked the ministry whether it is confident about ensuring the nation's information security.
Tang said that when the attacks were reported during Pelosi's visit, the government distributed the data on the systems that had been attacked to other computers with novel content dissemination technologies to counter the attacks.
Departments in charge and system integrators learned from the experience how to rebuild the system using advanced technologies to protect them from further attacks, she said.
“Learning from the attacks is called tenacity,” she added.
Asked whether the ministry would proactively investigate and seize problematic information security products purchased from China by government agencies and the private sector, Tang said that it is a usual task carried out by the ministry and promised to focus more on preventing potential attacks.
Taiwan should develop its own “red team power” by ordering start-ups and information security companies to conduct regular health checks of their information security mechanisms, she said.
By “red team power,” she referred to the term “red team assessment” in information security — carrying out simulated attacks on businesses to test the security of their systems.
Random attacks would be launched at certain business targets during a designated period to test for information security loopholes and help businesses better protect their systems, she said.
News source: TAIPEI TIMES