WCIT 2016 Jan Ming Ho

1. 【內部使用】
Cyber Security Overview of
Taiwan
Jan-Ming Ho
Consultant to the Executive Yuan (Cabinet)
Taiwan
Information provided by NCCST, III and TIER

2. 1
Defense-in-Depth Deployment Towards
Government-wide Situation Awareness
● Build government-wide situation awareness of cyber security
● Promote Public-private-partnership for better decision making
External
Threat
Existing
Vulnerability
Regulation
Compliance
Incident
Handling
1st Tier
MSSP
2nd Tier
Ｇ-SOC
3rd Tier
NICST
Actionable Intelligence
Government-Wide Situation Awareness
National-Level Decision Making Support
Co-defense
Detection Rule
Trend Statistics Classification Data Modeling Prediction
Monitoring
Data

3. 2
Early
Warning
Early
Warning
A Hierarchical Organization
National
CERT
National
ISAC
National
SOC
Domain CERT
Domain
ISAC
Domain SOC
CSIRT A
Enterprise A
CSIRT B
Enterprise B
CSIRT CSOC C
Enterprise C
MSSP
Early warning
Aide/Assistant
持續監控
Domain Situation Awareness
Situation Awareness at
National Level
M
Continuous
Monitoring
Event
Notification
Event
Notification
Continuous
Monitoring
Continuous
Monitoring

4. 3
Cabinet Level Taskforce
National Information and Communication
Security Taskforce
Convener: Vice Premier
Deputy Convener: Minister Without Portfolio
Minister of Ministry of Science and Technology
Co-Deputy-Convener: Senior Advisor to the President
Standard and Norm WG
Ministry of Economic Affairs
Education and HR WG
Ministry of Education
Audit WG
Ministry of Science and
Technology
Government Info &
Communication Security WG
Ministry of Science and
Technology
Cyberspace
Protection System
Ministry of Science and
Technology
Personal Info. Protection & Legal
System WG
Ministry of Justice
Cybercrime Prevention WG
Ministry of Interior
Cyber Environment Security WG
National Communication
Commission
National Center for
Cyber Security
Technology
Sub Working Group
National Defense(Ministry of National Defense)
e-Government(National Development Council)
Telecom(National Communication Commission)
Transportation(Ministry of Transportation)
Finance(Ministry of Finance)
Banking(Financial Supervisory Commission)
Healthcare(Ministry of Health and Welfare )
Cybercrime
Investigative System
Ministry of Justice
Ministry of Interior
NICST Secretariat
Office of Information and
Communication Security, EY
CIP System
Office of
Homeland
Security, EY
Other
System
Effected 2016/01/20

5. 4
Threat Intelligence, Analysis and
Sharing
4
Botnet
APT
Malware
SPAM
ThreatPrecursorAnalysis
ThreatIntelligenceGeneration
InformationSharing
Gov. Agencies
3,039 Agencies
CIIP Authorities
Telecom (NCC)/Banking(FSC)
Utilities & e-Commerce(MOEA)
Internet Service Provider
Gov.(GSN) /Academic
(TANET) /All private ISPs
MSSP
Chunghwa Telecom/Acer
TradeVAN/ISSDU, etc
International Cooperation
FIRST/APCERT/US-CERT
CERT-EU…etc
HoneyBEAR
HoneyNET
Botnet Tracer
G-ISAC
Government Information
Sharing and Analysis Center
G-SOC
Legend
HoneyBEAR: Behavior-based Email Anomaly Reconnaissance
NCC：National Communication Commission
FSC：Financial Supervisory Commission
MOEA：Ministry of Economic Affairs
GSN：Government Service Network
MSSP: Managed Security Service Provider
FIRST: Forum for Incident Response and Security Teams
Indicators
Of
Compromise

6. 5
Law and Regulation in progress,
Focusing on CIIP
ICT Security
Management Act and
Enforcement Rules
CIIP Steering Group
G-ISMS
CI Sector Specific
Guidelines
Common Baseline
Of CIIP
Utility
Water
Transportation
High Tech
Parks
Banking
& Finance
Comm. &
Broadcasting
Medical
CI Cyber Security
Committees
Law Supervise
Helpdefine
Provide
References Provide references
Define
CI Cyber Security Promotion Mechanisms
CI Sectors
Join
Execution
Government
ISMS Framework
• CIIP Steering Group is formed by NICST and MOST
• CI Cyber Security Committees is led by competent authority of that CI sector
Government

7. 6
PPP in Taiwan
I
n
s
t
i
t
u
t
i
o
n
s
G
o
v
GSN Op Team/ CEPD (2010/1)
MOI (2011/8)
DOJ (2012/3)
I
S
A
C
G-ISAC (2009/11)
NCC-ISAC (2010/2)
TWNIC (2010/2)
A-ISAC (2010/4)
F-ISAC (2017/4)
C
E
R
T
EC-CERT (2011/1)
TWCERT/CC (2015/1)
TWCSIRT (2016/1)
G
e
n
I
S
I
n
d
Trend Micro (2013/8)
FORTINET (2014/9)
ISSDU ( 2010/10)
CHT (2010/11)
ACER (2010/11)
TRADEVAN (2010/11)
AKER (2011/11)
2011/1/1 ~ 2016/6/30
60,980
135,527
84,210
107,405
76,757
33,374
79,260
144,079
90,311
112,516
84,027
36,749
0
20000
40000
60000
80000
100000
120000
140000
160000
100 101 102 103 104 105 (Q2)
ANA
EWA
INT
DEF
FBI
Total
Info Sharing
2011 2012 2013 2014 2015 2016

8. Regional Collaborations
● APEC as the major platform
–APCERT (Asia Pacific Computer Emergency
Response Team)
–APWG (Anti-Phishing Working Group)
–AVAR (Association of anti-Virus Asia Researchers)
–FIRST (Forum of Incident Response and Security
Teams)
● Regular interaction with other countries
–G-ISAC
–TWCERT
–JPCERT/CC, MyCERT KrCERT/CC

9. CYBERSECURITY ECONOMY IN
TAIWAN

10. Total
% of IS
Events
Virus
Data
Theft
Malicious
Ware
DDOS
Hack/
Deface
Equip
Damage
Subtotal 22.26% 52.77% 5.58% 32.11% 15.34% 10.52% 7.85%
Industry 12.20% 66.90% 20.50% 41.70% 22.80% 17.30% 17.30%
Gov Inst 21.97% 41.12% 0.93% 13.40% 3.12% 9.66% 8.41%
Schools 32.70% 58.50% 4.40% 46.20% 24.10% 8.80% 3.80%
Information Security Threats

11. 10
Network Attacks on IoT and ICS
● Industrial control systems and IoT has become the
target of network attack
● Honeynet deployed by NCCST
– 28M events detected and 50K malware per year in the last 3
years, mainly from US, Russia, and China
– 180M events detected in 2016 and 110K malware
– Brute-force attack targeted at IoT devices has been increasing
dramatically

12. 11
Online Threats of Botnets
● 2015/10 – 2016/5, NCCST analyzed and identified
40,249 IoT/ICS being hacked
– A botnet distributed across 154 countries
– Informed 18 national CERTs
– More than 6,000 machines, total value US$4M
– 5G devices, heat pump controller, smart meters, IPC, DVR,
Web Camera, Router, Wi-Fi Aps and Set-Top Box, etc
– 160 companies including 10 in Taiwan
5G telco devices Industrial process
controller
Smart meters
Heat pump
controller

13. Taiwan IS Industry Value Chain in 2013
12
Data Center
Service Provider
New App. (device, forensic, vehicular)
Dealer
.5B
Digital Forensic
Product Makers
Encryption, AIO, content, threat,
system, ID management
.13B
Import
Logististic
.013B
E
G
IS Insurance
E
G
Personal Users
Wholesale
.017B
IS Service Providers
SI, Consultant, Training,
Digital Forensic, etc.
.163B
SI
Enterprise and Government
Telco
CHT, TWM,
FETNET, etc.
Outsourcing
Acer, CHT,
Tradevan,
ISSDU, etc.
Sales Agencies .82B

14. 2014 2015 2016 (e) 2017 (f) 2018 (f)
台灣市場規模 312 353 393 432 469
成長率 12.2% 13.2% 11.4% 9.7% 8.5%
0%
2%
4%
6%
8%
10%
12%
14%
0
50
100
150
200
250
300
350
400
450
500
IS Market in Taiwan
CAGR: 10.7%
Market Size
Growth Rate
1.04B 1.18B 1.31B 1.44B 1.18B

15. Examples of IS Companies
● Amorize
–Scanning open source vulnerability
–Proofpoint in 2013
● Xecure Lab
–Detecting and defending APT
–Verint in 2014
● Broadweb
–IPS ( Intrusion Prevention ) and DPI ( Deep Packet
Inspection )
–Trend Micro in

16. Taiwan IS Industry
● Encryption and Digital Forensic
– NST, WatchSoft, Sinpao, ISSDU, iForensic, etc
● Identity and Access Control
– Ecomuniversal, ARES, ChangingTec Foongtong, NST, Esecure, NewImage, etc.
● Cloud Securtiy
– T Cloud Computing （TrendMicro）, Abocom, Hgiga, etc.
● Total solutions
– Zyxel, BroadWeb (TrendMicro), Abocom, HGiga, Sinpao, Axtronics, etc.
● System Integrator
– ACER, Stark Tech Inc, Bestcom, SYSCOM, Zero One Tech, SYSAGE, Ringline,
ARES, Fortune, CGS, Tradevan, etc.
● Outsourcing
– CHT, ACER, SYSCOM, Trend Micro, etc
● Insurance
– Fubon, FIRST Bank, AIG, etc