NSB needs to boost cybersecurity: report

PROFICIENCY:
More efforts are needed to upgrade the skills of National Security Bureau personnel to meet increasingly sophisticated attacks, the Budget Center said

• By Wu Su-wei
  and Jake Chung / Staff reporter, with staff writer

The National Security Bureau (NSB) should continue to step up training and other measures to boost its cybersecurity expertise, the Legislative Yuan’s Budget Center said in a report yesterday.

The bureau has demonstrated its capability to swiftly detect and deter Chinese hackers, but more hackers — Chinese and from other nations — are increasingly targeting the bureau in hopes of tapping into its network for information, the report said.

The bureau is the leading agency on intelligence and while then-NSB director-general Lee Shying-jow (李翔宙) had established the Internet Safety Division, or the 7th Division, it should continue to step up efforts to improve employees’ cybersecurity skills, it said.

The 7th Division is tasked with gathering and analyzing information from the Internet, researching and developing tools to aid in such endeavors, and maintaining counterhacking measures.

It is also to warn the country in the event of a looming cyberthreat.

As of last year, the proportion of NSB personnel who had obtained cybersecurity certificates had grown to 88.81 percent from 61.29 percent in 2015, but the certificates were only for first-level cybersecurity proficiency, the report said.

Security expert Chang Kuang-hung (張光宏) yesterday said that the bureau’s Internet resources were comparatively isolated and any attacks on the bureau were usually due to bad user habits opening “holes” and “back doors” for hackers to enter through.

The attacks on the NSB, regardless of model or behavior, are comparatively dull compared with cyberattacks that most Internet security services see in the private sector, he said.

Cyberattack tactics are always shifting and changing, and the bureau cannot just stand back and marvel at how the private sector “has reached this stage of expertise” when interacting with Internet security experts, he said.

Chang suggested that the bureau look into a few cases when it was attacked and create measures to prevent such incidents.

If the bureau is worried about information sensitivity, it could reach out to private-sector experts by hacking the Executive Yuan’s National Center for Cyber Security Technology and “repackaging” the case in question, allowing the bureau and civilian experts to interact freely on the subject, he said.

While there is no guarantee that the bureau would receive an immediate solution, reaching out would help it develop outside sources and foster stronger professional skills, he added.

Comments are closed.