4. Cabinet Level Taskforce
National Information and Communication Security Taskforce
Convener: Vice Premier
Deputy Convener: Minister Without Portfolio
Minister of Ministry of Science and Technology
Co-Deputy-Convener: Senior Advisor to the President
Standard and Norm WG
Ministry of Economic Affairs
Education and HR WG
Ministry of Education
Audit WG
Ministry of Science and Technology
Government Info & Communication Security WG
Ministry of Science and Technology
Cyberspace Protection System
Ministry of Science and Technology
Personal Info. Protection & Legal System WG
Ministry of Justice
Cybercrime Prevention WG
Ministry of Interior
Cyber Environment Security WG
National Communication Commission
National Center for Cyber Security Technology
Sub Working Group
National Defense (Ministry of National Defense)
e-Government (National Development Council)
Telecom (National Communication Commission)
Transportation (Ministry of Transportation)
Finance (Ministry of Finance)
Banking (Financial Supervisory Commission)
Healthcare (Ministry of Health and Welfare)
Cybercrime Investigative System
Ministry of Justice
Ministry of Interior
NICST Secretariat
Office of Information and Communication Security, EY
CIP System
Office of Homeland Security, EY
Other System
Effected 2016/01/20
5. Threat Intelligence, Analysis and Sharing
Botnet
APT
Malware
SPAM
Threat Precursor Analysis
Threat Intelligence Generation
Information Sharing
Gov. Agencies: 3,039 Agencies
CIIP Authorities: Telecom (NCC) / Banking (FSC) / Utilities & e-Commerce (MOEA)
Internet Service Provider: Gov. (GSN) / Academic (TANET) / All private ISPs
MSSP: Chunghwa Telecom / Acer / TradeVAN / ISSDU, etc.
International Cooperation: FIRST / APCERT / US-CERT / CERT-EU… etc.
HoneyBEAR
HoneyNET
Botnet Tracer
G-ISAC: Government Information Sharing and Analysis Center
G-SOC
Legend
HoneyBEAR: Behavior-based Email Anomaly Reconnaissance
NCC: National Communication Commission
FSC: Financial Supervisory Commission
MOEA: Ministry of Economic Affairs
GSN: Government Service Network
MSSP: Managed Security Service Provider
FIRST: Forum for Incident Response and Security Teams
Indicators of Compromise
6. Law and Regulation in progress, Focusing on CIIP
ICT Security Management Act and Enforcement Rules
CIIP Steering Group
G-ISMS
CI Sector Specific Guidelines
Common Baseline of CIIP
Utility
Water
Transportation
High Tech Parks
Banking & Finance
Comm. & Broadcasting
Medical
CI Cyber Security Committees
Law Supervise
Help define
Provide references
Provide references
Define
CI Cyber Security Promotion Mechanisms
CI Sectors
Join
Execution
Government ISMS Framework
• The CIIP Steering Group is formed by NICST and MOST
• Each CI Cyber Security Committee is led by the competent authority of that CI sector
Government
7. PPP in Taiwan
Institutions
Gov
GSN Op Team / CEPD (2010/1)
MOI (2011/8)
DOJ (2012/3)
ISAC
G-ISAC (2009/11)
NCC-ISAC (2010/2)
TWNIC (2010/2)
A-ISAC (2010/4)
F-ISAC (2017/4)
CERT
EC-CERT (2011/1)
TWCERT/CC (2015/1)
TWCSIRT (2016/1)
Gen IS Ind
Trend Micro (2013/8)
FORTINET (2014/9)
ISSDU (2010/10)
CHT (2010/11)
ACER (2010/11)
TRADEVAN (2010/11)
AKER (2011/11)
[Chart: Info Sharing, 2011/1/1 ~ 2016/6/30. X-axis: years 100, 101, 102, 103, 104, 105 (Q2), i.e. 2011 to 2016. Y-axis: 0 to 160,000. Legend: ANA, EWA, INT, DEF, FBI, Total. Data labels as they appear: 60,980; 135,527; 84,210; 107,405; 76,757; 33,374 and 79,260; 144,079; 90,311; 112,516; 84,027; 36,749.]
8. Regional Collaborations
● APEC as the major platform
– APCERT (Asia Pacific Computer Emergency Response Team)
– APWG (Anti-Phishing Working Group)
– AVAR (Association of anti-Virus Asia Researchers)
– FIRST (Forum of Incident Response and Security Teams)
● Regular interaction with other countries
– G-ISAC
– TWCERT
– JPCERT/CC, MyCERT, KrCERT/CC
11. Network Attacks on IoT and ICS
● Industrial control systems and IoT have become targets of network attacks
● Honeynet deployed by NCCST
– 28M events detected and 50K malware samples per year in the last 3 years, mainly from the US, Russia, and China
– 180M events detected in 2016 and 110K malware samples
– Brute-force attacks targeting IoT devices have been increasing dramatically
12. Online Threats of Botnets
● 2015/10 – 2016/5: NCCST analyzed and identified 40,249 hacked IoT/ICS devices
– A botnet distributed across 154 countries
– Informed 18 national CERTs
– More than 6,000 machines, total value US$4M
– 5G devices, heat pump controllers, smart meters, IPC, DVR, web cameras, routers, Wi-Fi APs, set-top boxes, etc.
– 160 companies including 10 in Taiwan
[Images: 5G telco devices; Industrial process controller; Smart meters; Heat pump controller]
13. Taiwan IS Industry Value Chain in 2013
Data Center
Service Provider
New App. (device, forensic, vehicular)
Dealer
.5B
Digital Forensic
Product Makers
Encryption, AIO, content, threat, system, ID management
.13B
Import
Logistics
.013B
E
G
IS Insurance
E
G
Personal Users
Wholesale
.017B
IS Service Providers
SI, Consultant, Training, Digital Forensic, etc.
.163B
SI
Enterprise and Government
Telco
CHT, TWM, FETNET, etc.
Outsourcing
Acer, CHT, Tradevan, ISSDU, etc.
Sales Agencies .82B
15. Examples of IS Companies
● Armorize
–Scanning open source vulnerability
–Proofpoint in 2013
● Xecure Lab
–Detecting and defending APT
–Verint in 2014
● Broadweb
–IPS (Intrusion Prevention) and DPI (Deep Packet Inspection)
–Trend Micro in
16. Taiwan IS Industry
● Encryption and Digital Forensic
– NST, WatchSoft, Sinpao, ISSDU, iForensic, etc
● Identity and Access Control
– Ecomuniversal, ARES, ChangingTec Foongtong, NST, Esecure, NewImage, etc.
● Cloud Security
– T Cloud Computing (TrendMicro), Abocom, Hgiga, etc.
● Total solutions
– Zyxel, BroadWeb (TrendMicro), Abocom, HGiga, Sinpao, Axtronics, etc.
● System Integrator
– ACER, Stark Tech Inc, Bestcom, SYSCOM, Zero One Tech, SYSAGE, Ringline, ARES, Fortune, CGS, Tradevan, etc.
● Outsourcing
– CHT, ACER, SYSCOM, Trend Micro, etc
● Insurance
– Fubon, FIRST Bank, AIG, etc
Editor's Notes
NCCST: National Center for Cyber Security Technology
CVE: Common Vulnerabilities and Exposures
NICST: National Information and Communication Security Taskforce
BOST: Board of Science and Technology
MSSP: Managed Security Service Provider
CIP: critical infrastructure protection?
APT: advanced persistent threat
CIIP: Critical Information Infrastructure Protection
G-SOC: Government Security Operations Center
G-ISAC: Government Information Sharing and Analysis Center