Good IT governance and more sophisticated
training for civil servants have been recommended as solutions to
dealing with cyber security threats.
To prepare for more targeted and sophisticated cyber attacks,
governments need to ensure that three things are in place – governance
around information security, good security IT
solutions, and structured training for civil servants, Tsung Pei Kan,
Chief of Information Security, National Policy Agency Taiwan told
delegates at the SecureGov India Forum in New Delhi.
“Both countries face the challenge of Advanced Persistent Threat (APT),
which is a long-term pattern of sophisticated hacking attacks aimed at
government,” said Tsung, who added that Taiwan and India could learn a
lot from each other around cyber security.
The National Police Agency of Taiwan receives more than 100 targeted
malicious emails every day, which release malware when files are opened
and potentially expose government information and data to hackers.
Similarly, Indian government agencies are often victims to malware, according to Tsung.
“A study by Trend Micro revealed that close to 50 per cent of
compromised hosts are in India. Taking a period of two weeks in October,
I found serious malware incidents on Indian government end devices,”
Tsung described huge waves of information security attacks this year: “Examples of APT
include GhostNet and Operation Aurora. In June, the world experienced
Stuxnet, the first computer worm known to attack critical
He said the solution to the rising threat is to ensure information
security governance is in place and for governments to invest in good IT solutions.
“Taiwan has an Advanced Security Threaten Management System (ASTMS) which automatically monitor and analyse threats,” he said.
“The ASTMS dashboard, which is available to
all government employees, shows real-time information such as the top
ten malicious emails, virus, malicious web sites, and so on.”
At the beginning of last year, the National Policy Agency released a
free malware scanner on its web site, which could be downloaded easily
by all citizens and could quickly detect and examine unknown malware.
Tsung said the most important preparation against cyber threats is training and creating awareness among government employees.
“I invest a big bulk of my budget every year to train my employees.
Information security is not just the business of my team. Awareness must
be level across the whole of the agency to create a