To prepare for more targeted and sophisticated cyber attacks, governments need to ensure that three things are in place – governance around information security, good security IT solutions, and structured training for civil servants, Tsung Pei Kan, Chief of Information Security, National Policy Agency Taiwan told delegates at the SecureGov India Forum in New Delhi.

“Both countries face the challenge of Advanced Persistent Threat (APT), which is a long-term pattern of sophisticated hacking attacks aimed at government,” said Tsung, who added that Taiwan and India could learn a lot from each other around cyber security.

The National Police Agency of Taiwan receives more than 100 targeted malicious emails every day, which release malware when files are opened and potentially expose government information and data to hackers.

Similarly, Indian government agencies are often victims to malware, according to Tsung.

“A study by Trend Micro revealed that close to 50 per cent of compromised hosts are in India. Taking a period of two weeks in October, I found serious malware incidents on Indian government end devices,” he said.

Tsung described huge waves of information security attacks this year: “Examples of APT include GhostNet and Operation Aurora. In June, the world experienced Stuxnet, the first computer worm known to attack critical infrastructure system.”

He said the solution to the rising threat is to ensure information security governance is in place and for governments to invest in good IT solutions.

“Taiwan has an Advanced Security Threaten Management System (ASTMS) which automatically monitor and analyse threats,” he said.

“The ASTMS dashboard, which is available to all government employees, shows real-time information such as the top ten malicious emails, virus, malicious web sites, and so on.”

At the beginning of last year, the National Policy Agency released a free malware scanner on its web site, which could be downloaded easily by all citizens and could quickly detect and examine unknown malware.

Tsung said the most important preparation against cyber threats is training and creating awareness among government employees.

“I invest a big bulk of my budget every year to train my employees. Information security is not just the business of my team. Awareness must be level across the whole of the agency to create a secure environment.”