In Avatar: The Last Airbender, the four nations of Fire, Water, Earth, and Air lived in harmony, until the Fire Nation started a war. Countries today are not named after elements, but they still rely on them for survival. Likewise, threats to them are present.

Cyber threats threaten not just IT and data systems, but also key resources countries depend on for survival, such as water and electricity. “The physical war and cyber war are merging together,” says Hong-wei Jyan, Director General of Taiwan’s Department of Cyber Security.

With cyber threats mounting as technology advances, Jyan shares the technologies Taiwan relies on for cyber defence, and how they train their workforce to defend important industries.

Using AI and blockchain for cyber defence 

Taiwan faces more than 10 million cyber attacks monthly, reveals Jyan. “We cannot analyse all of it using humans, so we use AI to discover patterns and similarities in the attacks,” says Jyan.

“Each attack has its own characteristics, like a digital fingerprint,” he adds. Some attacks are identifiable by their codes, while others are characterised by their behaviour or mode of attack.

For example, some groups tend to attack similar targets at the same time. Once AI identifies this pattern, it can determine which group launched the attack.

Taiwan has also turned to blockchain in its criminal investigations. The police department secures digital evidence with the tamper proof tech, Jyan shares.

The Department is working with police to study how they may stop criminals from transacting using digital currencies. Many hackers prefer to receive ransoms or illicit funds with blockchain as it’s harder to trace.

To enhance the cybersecurity of organisations nationwide, Taiwan implemented the Cyber Security Management Act in 2019. This act mandates that firms must define in detail their cybersecurity defenses, and requires them to have in place an incident response and recovery plan.

The Department of Cyber Security will also audit the cybersecurity processes of organisations to ensure that they are complying with the measures laid out by the act.

Protecting vital resources 

As cyber attacks become more complex, industries vital to citizens’ basic needs like water and electricity are in danger.

For instance, power plants are usually controlled by industry-specific systems instead of the typical IT systems, Jyan says. This can make it difficult for cyber teams to respond quickly if hackers shut the plant down, or to develop defenses that can prevent such attacks.

It is important to train experts who are familiar with these systems, he adds.

Cultivating talents in cybersecurity

To defend these sectors, “the first step is to train the people who are familiar with the control systems”, highlights Jyan. Taiwan plans to develop testbeds for training since exercises being held at the facilities managing key resources might disrupt citizens’ daily lives.

These testbeds can simulate cyber attacks and train those familiar with the control systems in cybersecurity measures, explains Jyan.

Besides training cybersecurity professionals, Taiwan is also working with academia and other ministries to train those in the private and public sectors. The Department of Cyber Security oversees these programmes and provides them with the budget and support they might need.

“We focus not only on the quantity of the programmes, but also the quality,” adds Jyan. A set of criteria is available to assess the results of the training programme based on the skills participants have learned.

Besides internal training, Taiwan also works with other countries to upskill workers through online cybersecurity exercises.

For example, it holds a biannual Cyber Offence and Defence Exercise, which brings together international cybersecurity experts to role play as either attackers or victims. These exercises allow countries to share new skills and knowledge with one another.

The same way the Fire Nation had the upper hand due to their more advanced forces, cyber threats too can win the cyber war if countries are ill-prepared. Tech, such as AI and blockchain, and training professionals are both important for countries to improve their cybersecurity.