Written by Robyn Klingler-Vidra.

More than 2 billion data records were stolen in 2017, according to CB Insights. As the sophistication and deviousness of hackers continues to grow, individuals and firms have an increasing need to protect themselves. The response to cybersecurity threats is not down to individual people or companies – especially not in Taiwan.

The Taiwanese government has been particularly proactive in launching government departments, creating new military units and passing legislative acts to advance its ability to protect against threats since the dawn of the 21st century. The National Security Council formulated the National Information and Communication Infrastructure Security Mechanism Plan in 2000. A few months later, in January 2001, the National Information and Communication Security Taskforce was created. Despite early efforts, headlines have blared about the raging cyber war between the PRC and ROC since a high-profile 2003 attack on Taiwanese government websites and a leading tech firm’s networks. There was a particular frenzy of hacks between 2014 and 2016, targeting government agencies, leading technology firms and the Democratic Progressive Party (DPP).

In the equivalent of turning lemons into lemonade, the Taiwanese government, as part of its strategy, is increasingly promoting cybersecurity as an industry in which the country excels. In April 2018 the government created a Cabinet-level cybersecurity academy to increase the availability of cybersecurity talent in the government, given recent concerns of a shortage (the government is said to have a deficit of 552 cybersecurity professionals). Cybersecurity is conceptualised as a driver of employment, economic growth and national security through the government’s policy of  “cyber autonomy.” The interest in promoting cyber as an industrial sector is simple: with all the experience Taiwanese engineers have in responding to – and detecting – cyber-attacks, they have a competitive advantage. Clients from around the world approach Taiwan’s security specialists as they have often been the first to be targeted by new techniques developed by mainland hackers. Why not channel that into business opportunity? So for the government, the aim in propelling cybersecurity is two-fold: mitigating security risk and advancing a growing sector of the economy.

Perhaps the most significant government action came in August 2016, when the Executive Yuan established the Department of Cybersecurity. President Tsai Ing-wen then elevated cybersecurity beyond the world of technologists and the economy in June 2017 by declaring that “cybersecurity is national security.” This statement came as she formally established the Information Communication Electronic Force Command (ICEF), an independent military cyber command. Taiwan’s “cyber fourth service” would be the front line in the (unofficial) battle against the mainland’s hacker army.

In May 2018, Taiwan’s Legislative Yuan passed the Cybersecurity Management Act that requires “Providers of Critical Infrastructure” to maintain a “safe, stable and secure cyber environment”. In addition to government entities, the Act applies to key industries, including energy, water, information technology and telecommunications, transport and traffic, banks and finance, emergency rescue and hospitals, central and local authorities and high technology parks. In effect, the Act strives to protect Taiwanese individuals and firms from hackers by requiring that firms operating in these crucial arenas have a Cybersecurity Maintenance Plan.

As evidence of the prominence of cybersecurity on the agenda, in May 2018, cybersecurity was even named as a key arena for cooperation in the annual U.S.-Taiwan business summit.

Though a key focus, defence against cyber-attacks is not bullet proof. This August, the jewel in the crown of Taiwan’s technology industry, Taiwan Semiconductor Manufacturing Co., had a virus spread across its production facilities (though TSMC maintains that they weren’t hacked).

Whilst cybersecurity could be an area of strength for Taiwanese entrepreneurs, some analysts warn that the advantage is not clear cut. In The Diplomat in January 2018 Philip Hsu contends that China’s rate of cyber espionage vis-à-vis the U.S. has slowed down in recent years, so the value of Taiwan’s expertise will decline. The other concern he raises is that Taiwanese firms and government, if constantly in the crosshairs of cyber-attacks from the PRC, pose significant risk to worldwide partners. This inherent risk could leave foreign firms and governments wondering: is the partnership worth the exposure?

This is why the Taiwanese government – at the highest levels – has elevated efforts to defend its economy, its citizens and the state itself from cyber-attacks. Taiwanese firms want to show that they are not susceptible to attacks. This may be why TSMC did not admit that this summer’s production floor virus was in fact a malicious hack. The Taiwanese government wants to assure citizens that their data is safe, and foreigners that they are not at risk as a result of doing business with Taiwanese firms, or on Formosa island. There is some evidence that this is working: in August 2018 Amazon picked New Taipei City for its latest innovation centre.

As an analyst of the Taiwanese developmental state, I wonder: could cybersecurity not be the 21st century’s technology opportunity that semiconductors were in the late 20th century? Comparatively, the Taiwanese state was better, through entities such as ITRI, at supporting phenomenal hardware capabilities, than it was in producing “unicorns” in software. As cybersecurity is elevated in importance, how will Taiwan’s developmental state fair? It may be that the military support, rather than government research labs, serves as the engine of support. Military prowess has been part of the story in Israel, where a striking number of successful startups are led by engineers who were in top computer units in the army. As chronicled in The Startup Nation, once discharged from military services, Israeli’s excellent programming skills have been effectively translated into civilian applications that have gone on to become unicorns and/or list on NASDAQ. In the Taiwanese context, my reading is that the “white hat” unit of talented hackers working to protect Formosa Island online could translate into a bank of entrepreneurial talent poised to build world-leading cybersecurity companies. But as in Israel, the challenge is ensuring that the “on the job” experience of national service isn’t too overwhelming.

Robyn Klingler-Vidra is a Lecturer in Political Economy at King’s Collage London, Department of International Development and author of The Venture Capital State: The Silicon Valley Model in East Asia. From 2013-2016 she was the Head of Policy Research at the Coller Institute of Venture at Tel Aviv University. Image credit: CC by Blogtrepreneur/Flickr

Leave a Reply

Your email address will not be published. Required fields are marked *