
Taiwan’s cybersecurity defenses are evolving rapidly to confront the increasing complexities of modern threats. At the forefront of this effort is the National Institute of Cyber Security (NICS), playing a pivotal role in enhancing the nation’s digital resilience. Through various initiatives, the NICS is driving Taiwan’s preparedness against ever-growing risks.
The NICS, which operates under the Ministry of Digital Affairs, was established on January 1, 2023, to advance the application, competence, and R&D of Taiwan’s cybersecurity technology.
In an in-depth interview with NICS President Lin Ying-dar, TOPICS Associate Editor Alex Myslinski explored the strategies and innovations driving Taiwan’s cybersecurity advancements. Below is a summary of the key insights from the discussion.
What are the key differences in cybersecurity investment between IT and OT infrastructure in Taiwan, and what makes OT systems a particular target for cyber attacks?
In Taiwan, the investment in protecting information technology (IT) far exceeds that of operational technology (OT) or critical infrastructure protection. By IT, we mean technology in the standard office environment. Meanwhile, OT includes factory or industrial control systems that operate power stations, gas pipelines, manufacturing facilities, transportation services, or telecommunications operators – all non-ordinary office spaces that are much less protected from security threats but just as susceptible to them. We see a lot of attacks on this infrastructure, and operators in these machine rooms require reinforcement.
The primary objective of these attacks is to disrupt services, rendering them inoperable and causing widespread inconvenience. In the case of telecom operations, the threat extends beyond disruption to include data theft. Attackers may intercept text messages or voice calls, filtering communications for sensitive information that could be exploited for espionage, financial gain, or further cyber attacks.
In addition to the government bodies that make up Taiwan’s critical infrastructure, there are around 1,700 public companies in Taiwan and 360,000 private companies with fixed IP addresses, leaving them vulnerable to attacks. Of the around 360,000 private companies, around 50,000 of them have investment capital exceeding NT$50 million and more than 100 staff members, so many of these are significant players.
What key initiatives will protect critical infrastructure and government systems in Taiwan?
We’ve formulated three critical programs. First, we’re forming a critical infrastructure protection team, known as “Team Taiwan.” This new team – initially composed of NICS staff – will work with key sectors to protect and enhance their digital systems. The second initiative focuses on conducting regular tabletop exercises designed to prepare chief information security officers (CISOs) from critical infrastructure providers for potential cyber incidents. These exercises will help CISOs develop effective response strategies, ensuring swift recovery in the event of an attack. The overarching goal is to build resilience at the executive level, fostering a culture of readiness and confidence in the face of cyber threats.
Our third objective is to develop an OT cyber range, a specialized testing environment where red teams – acting as attackers – simulate cyber threats, while blue teams – comprising an organization’s security personnel and engineers – defend against them. This initiative aims to create attack scenarios unique to each organization, many of which are often indirectly connected to the internet.
Although these programs have yet to be officially launched, small-group tabletop exercises have already been trialed. The exercises consist of a half-day training session, ideally delivered monthly once officially established, with follow-up exercises as needed to face a greater range of scenarios.
With regular practice of the tabletop exercises, CISOs will gain a comprehensive understanding of the scenarios they may encounter, the potential courses of action available to them, the effectiveness of each decision, and the corresponding anticipated outcomes. Over time, this hands-on experience will allow us to step back from hosting every training session. Instead, this specialized group of CISOs will evolve into the next generation of Team Taiwan.
This approach aims to foster a self-sustaining ecosystem of cybersecurity expertise, allowing the NICS to focus on designing new attack scenarios for participants to experience, gradually leading to a more comprehensive mechanism.
What challenges do you foresee in staying ahead of increasingly sophisticated cyber threats?
The next stage in the evolution of cybersecurity threats comes with the adoption of AI-driven tactics, introducing a new level of complexity to the ongoing battle. Unlike traditional automated malware, which follows a predetermined attack path, AI-enabled malware can analyze its environment and dynamically identify alternative routes when obstacles arise. This adaptability makes AI-based attacks significantly more difficult to defend against. They can continuously evolve, learn from defensive measures, and exploit vulnerabilities in ways that traditional automated threats cannot.
For blue teams to stay ahead in this evolving cybersecurity landscape, they must also harness the power of AI. The goal is to deploy AI-driven defense mechanisms that can detect and counter potential attack paths in a dynamic and adaptive manner. An even more sophisticated approach lies in the interplay between AI-driven red and blue teams.
As I like to think of it, training an AI blue team with an AI red team is akin to sharpening an “angel” by training it against a “monster.” The AI red team, acting as an adversary, forces the AI blue team to evolve, adapt, and become more resilient. In turn, the blue team AI challenges the red team AI, pushing it to refine its attack strategies. This creates a continuous cycle of mutual reinforcement, where each side strengthens the other through iterative challenges and improvements.
The challenge is immense. Staying ahead of AI-powered threats requires not only adopting these tools but also fully understanding and integrating them into defense strategies. AI doesn’t operate in isolation – it needs quality training data, skilled teams, and the right infrastructure. The future of cybersecurity lies in AI-powered red and blue teams, trained safely within a secure OT cyber range while ensuring the protection of the systems they are designed to defend.

How is the adoption of Zero Trust Architecture (ZTA) progressing in Taiwan?
While the concept of ZTA is well-established among global cybersecurity leaders, its adoption in Taiwan remains in its early stages. This security model defends against external threats and, more critically, mitigates internal attacks, in which an intruder has already gained access to a specific machine, computer, or domain.
ZTA ensures that every movement within an organization’s network requires authentication – in other words, no machine can trust any other machine. Blocking entry points prevents attackers from accessing new data and entering a client’s system. This security framework was launched nearly two years ago in Taiwan, but the deployment is lagging.
At this stage, the NICS serves as a tester of ZTA products available in Taiwan. Our role is to evaluate whether these products truly align with ZTA guidelines through external attack surface monitoring (EASM) and internal or identity attack surface monitoring (IASM).
The next step for the NICS includes developing a procedure to audit organizations that claim to have adequately integrated ZTA into their operations. The ongoing audits will help organizations comply with these new standards and adapt to a security-first mindset.
How do your approaches to EASM and IASM differ?
EASM focuses on identifying vulnerabilities that could be exploited by hackers. This process is conducted automatically using our programs, allowing for broader coverage and scalability. While EASM may not provide the same level of detail as manual penetration testing, it offers a significant advantage in scale, enabling us to conduct hundreds of tests within a week or two.
For IASM, our team deploys a program within an organization’s system, simulating the actions of a hacker to assess how far we can navigate through its network. The goal is to identify potential windows for lateral movement where an intruder could move undetected across different systems. If an organization lacks policies to restrict lateral movement or has not implemented ZTA protocols, the likelihood of successfully infiltrating and moving freely between systems is significantly higher.
What is the role of private technology providers in enhancing digital infrastructure security?
By participating in our evaluations, private sector organizations benefit both themselves and Taiwan. When the NICS identifies vulnerabilities in a system, it not only signals the need for the company to address the issue but also serves as an indicator to the administration that existing regulations may be insufficient. Such findings can prompt regulatory revisions or the introduction of more comprehensive measures to enhance cybersecurity resilience across industries.
The best way to illustrate our strategy with providers is through the lens of baseball: the NICS serves as the major league manager, but strong coaches – technology providers – are needed to guide the team, consisting of organizations. Coaches start out gaining experience and proving their value at the minor league level, or within their own operations, before advancing to a higher level of responsibility.
Through rigorous evaluations and continuous review, the NICS identifies which technology providers are ready to step up and contribute on a larger scale. This structured approach ensures that only those with demonstrated expertise and reliability are entrusted with critical roles in Taiwan’s cybersecurity landscape. We are actively reviewing the providers’ performance, helping those that fail to meet expectations with improvement.
The ranking of qualified and reliable “coaches” becomes transparent to all first-party organizations, enabling them to select providers with the highest scores or most relevant credentials to strengthen their security. For those providers that do not make the cut, their designation as “minor league players” will also be publicly available. This transparency serves as an incentive for them to enhance their offerings and compete for recognition alongside the major league qualifiers.
As the pool of high-ranking cybersecurity providers grows, the NICS can transition into a third-party oversight role, tracking progress and ensuring accountability. With this structure in place, Team Taiwan can effectively support all organizations while cultivating a competitive market that drives excellence, innovation, and scalability in cybersecurity services.
What’s your vision for the future development of this program?
My personal hope is that by creating cybersecurity scorecards with detailed benchmarking and insights, we can work with the Administration for Cyber Security to establish two think tanks – one covering policy regulations and another focusing on quantitative governance. The combined findings of these think tanks could produce a playbook that addresses anti-disinformation and anti-scam, especially on social networking platforms, to further fortify Taiwan’s cybersecurity defenses.