Building Diverse and Heterogeneous Digital Resilience

Agenda

14:00-14:05  Introduce
14:05-15:45  Panel Discussion

  • Moderator:
    Chan, Nicole T. I. ─Vice Chair, Digital Transformation Association
  • Penelists:
    Lin, Max─ Government & Public Services Leader, Health Care Sector Leader Risk Advisory Managing Partner, Deloitte
    Zheng, Ming-Zong ─Director, Department of Communications and Cyber Resilience, Ministry of Digital Affairs
    Chien, Lien-Kwei ─Professor, Department of Harbor and River Engineering, National Taiwan Ocean University
    Su, Tzu-yun─Research Fellow and Director, Division of Defense Strategy and Resources, Institute for National Defense and Security Research
15:45-16:00  Q&A

**Presentation Download <Provided with the consent of the speaker>**

Lin, Max 
Government & Public Services Leader, Health Care Sector Leader Risk Advisory Managing Partner, Deloitte

Presentation Download

Lin’s presentation is mainly about how private sector response to such disasters. He first mentions that most local companies rely heavily on communication and digital infrastructure. The most pressing concern is whether they can continue to provide services in the event of network disruption. The scarcity of digital and cybersecurity talents is also a major challenge faced by enterprises.

He also points out that Taiwanese companies heavily rely on very few suppliers, making it difficult to prioritize recovery support to affected companies when suppliers encounter security incidents.  It is suggested that, companies should identify the organization’s fundamental and core operational elements and protect them to maintain basic operations, in the case of cyber threat. When communication is disrupted, companies must convey accurate information to their employees to avoid additional risks arising from misinformation. In scenarios such as undersea cable disruptions, one of the measures that companies can take is system cloudification and overseas backups. However, Lin reminds companies to plan early and consider how to handle legacy systems that cannot be cloudified, as the process of system cloudification takes a long time.

The two key factors in maintaining digital resilience are the company’s own security management and the improvement of critical infrastructure protection. He uses the example of the Safe Harbor project in the United States to illustrate that the project emphasizes alliance autonomy and supply chain maintenance. If companies want to enter the supply chain environment, they must meet a certain level of security.

Finally, Lin also reminds that currently, companies rely heavily on critical infrastructure, but the responsibility for overseeing domestic critical infrastructure is divided among different ministries. In the future, it is recommended to consider the option of a single coordinating authority to be responsible for this.

Zheng, Ming-Zong
Director, Department of Communications and Cyber Resilience, Ministry of Digital Affairs

Presentation Download

Director Zheng first explains that resilience refers to the ability to respond to risks and can be divided into pre-event robustness, redundancy, and resourcefulness, mid-event response, and post-event recovery. In the event of a war or communication crisis, the government should clarify communication priority in order to maintain communication resilience.

Communication network resilience can be examined from three aspects: sea, land, and air. In the maritime domain, there are mainly submarine cables, while the land domain refers to mobile networks, and the air domain involves non-geostationary satellites. Regarding submarine cables, there are currently 14 international submarine cables connected to Taiwan. Since submarine cables have the highest transmission capacity, it would be difficult to find alternative communication solutions once they are disrupted, potentially isolating Taiwan as a communication island. To maintain the resilience of our submarine cables, the government has designated international submarine cable landing stations as critical infrastructure to supervise cable operators in enhancing the security protection of submarine cable communication systems, ensuring smooth international communication for the country. In addition, the government has planned to increase the number of international submarine cable landing stations and adopt covert methods to ensure security. However, under the current system in Taiwan, the international submarine cable landing process takes 2-3 years. To attract international submarine cable landings, the government has initiated a review of the process for acceleration.

Zheng further explains that digital resilience for mobile networks includes the core network, signal transmission, and base stations. In terms of approach, the core network can be placed in the cloud, while signal transmission can be assisted by low Earth orbit satellites. As for base stations, the government has started promoting related projects to enable different operators to share base station frequencies during major disasters or emergencies such as wars. Through the Public Protection and Disaster Relief (PPDR) system, 5G frequencies can be coordinated. Lastly, through disaster roaming, the government requires telecom operators to open up roaming, allowing people to access networks from different telecom providers.

In terms of satellites, the government is enhancing network resilience through non-geostationary satellites to ensure that the government command system can still communicate with the public and the international community during wars or large-scale disasters. Low Earth orbit satellite security will be an important aspect in the future.

Chien, Lien-Kwei
Professor, Department of Harbor and River Engineering, National Taiwan Ocean University

Presentation Download

Chien first provides an overview of submarine cable infrastructure. He mentions that submarine cables are laid through underground engineering, allowing them to pass through sea dikes. The current trend is to deploy submarine cables in deeper waters. To prevent damage to submarine cables by ships, the government can reach agreements with stakeholders such as fishing vessels to regulate areas where anchoring is prohibited. In terms of cable interconnection, many cable stations have shared cable ducts to connect submarine cables to international cable stations.

Regarding submarine cable fault repair, underwater survey vehicles can be used to locate cable breaks, and the damaged sections can be brought onboard ships for repairs. Currently, when such incidents occur in Taiwan, international cable operators are often responsible for arranging repairs. However, the outlying islands (such as Matsu) are closer to China and have many fishing vessels in their waters, making submarine cables more vulnerable. Professor Jian believes that submarine cable security requires joint efforts from the government and industry stakeholders. Cable operators have social responsibilities and need to have protection plans. When incidents exceed the capabilities of the operators’ plans, government intervention and assistance are preferable.

He further indicated that placement of international cable stations and landing points should align with national spatial and industrial development needs. Currently, there are issues with submarine cable pipelines crossing paths with coastal wind power plants, as well as conflicts with marine. The country should engage at the national-level spatial planning for submarine cables, considering resilience and national security infrastructure.

Regarding submarine cable risk management, the location of submarine cables is public information, and there are mechanisms in place to provide alerts when vessels enter cable zones. However, submarine cables may face risks of sabotage. Professor Jian suggests reviewing regulations to clarify and increase the penalties for damaging submarine cables. Additionally, Taiwan should coordinate with neighboring countries such as the Philippines, China, and Japan to ensure submarine cable security.

In conclusion, submarine cable security requires joint efforts from industry stakeholders and the government. Users or telecommunication providers utilizing submarine cables must fulfill their corporate social responsibility to ensure their security. The government needs to establish secure channels and warning systems, structure submarine cable security management mechanisms, and promote cooperation among units such as coast guard, digital communications, aviation administration, land planning, and defense. This collaboration should complement the warning and alert systems and effectively manage submarine cable risks.

From national strategic perspective, comprehensive policies and regulations for submarine cable security are mandatory.  Taiwan is an island nation surrounded by the ocean. With various regulations related to submarine cable laying, and relevant oversight should involve interdepartmental coordination to clarify the division of responsibilities in the submarine cable industry.

Su, Tzu-yun
Research Fellow and Director, Division of Defense Strategy and Resources, Institute for National Defense and Security Research

Su believes that submarine cable security challenges can be observed from two perspectives: geopolitical and cybersecurity attacks. In terms of geopolitics, he gives an example of the US government vetoing a Pacific cable funded by Facebook and Google in 2019 on security grounds. The reason was that the cable connected to Hong Kong, which is required to provide relevant information to the Chinese government according to the law. Regarding cybersecurity attacks, he quotes former US Navy Admiral James G. Stavridis, who stated that both China and Russia have the capability to intercept digital signals from submarine cables using robots and steal information.

In the event of a large-scale war leading to communication disruptions, Su distinguishes the the event into the internal network and the external network to analyze possible solutions. For the internal network, it encompasses facilities such as base stations, cable television networks, backbone optical cables, and data centers. Due to their large quantity, the overall survivability is high. He also suggests expanding the deployment of base stations and increasing the backup power generators and fuel storage equipment in data centers to ensure availability. Additionally, enhancing the underground and fortification capabilities of data centers can improve concealment and security.

The external network still relies on satellites and submarine cables. In the event of a war, commercial communication satellites such as Starlink, maritime satellites, and Iridium Communications can be leased for communication purposes. Currently, Chunghwa Telecom is discussing the future satellite project, which can provide greater bandwidth and serve as a government backup. Director Su recommends the development of domestically produced low Earth orbit satellites to strengthen Taiwan’s communication resilience. In terms of submarine cables, Taiwan can also utilize friendly neighboring countries’ submarine cables and microwave communication to provide network connectivity.

Chan, Nicole T. I.
Vice Chair, Digital Transformation Association

Chan concludes by stating that currently, only a few submarine cable maintenance providers resulting in slower cable repairs. Therefore, it is necessary to increase resilience through means such as microwave communication or the addition of new submarine cables. With the paradigm shift from traditional telecommunications operators to technology companies leading the submarine cable industry, more involvement from the technology industry is needed to ensure smooth data transmission and enhance submarine cable security.

建構多元異質的數位韌性

議程

14:00-14:05  活動介紹
14:05-15:45  焦點座談

  • 主持人-詹婷怡 副理事長(數位經濟暨產業發展協會)
  • 與談人-
    • 林彥良 資深執行副總 (勤業眾信 風險諮詢部門/醫療照護產業暨政府與公共事務負責人)
    • 鄭明宗 司長(數位發展部 韌性建設司)
    • 簡連貴 教授(國立臺灣海洋大學河海工程學系 )
    • 蘇紫雲 所長(國防安全研究院國防戰略與資源研究所)
      (依姓名筆劃順序排列)

15:45-16:00  現場問答

**簡報下載 <經講者同意提供>**

林彥良 資深執行副總 (勤業眾信 風險諮詢部門/醫療照護產業暨政府與公共事務負責人) 簡報下載

林資深執行副總主要從企業因應措施的角度來說明,他首先提到大多數國內的企業已數位化,高度仰賴通訊和數位基礎設施,最關切的即是能否在對外網路中斷的情況下持續提供服務;而數位及資安人才難尋是企業面臨的主要困境。

他也提醒,臺灣企業集中仰賴某些供應商,導致供應商出現資安問題時,很難排定受害企業的優先協助順序;當發生威脅的情況,企業也需應鑑別出組織最基礎與核心的營運要素為何,並針對核心項目進行保護,藉以維持基本營運;而當通訊中斷時,企業必須向員工傳遞正確資訊,避免因資訊不正確而衍生更多風險。在海纜中斷等情境中,系統雲端化、海外備份等是企業可採取的措施之一;惟系統雲端化作業時間較長,林執行副總也提醒企業及早規劃,並思考如何處理無法雲端化的遺留系統。

企業自身的安全管理,以及關鍵基礎設施保護的完善化是維護數位韌性的兩大要素。他以美國避風港計畫為例,說明該計畫強調聯盟自治與供應鏈維護,企業若要進入供應鏈環境,須達到一定安全水準。

最後林資深執行副總也提醒,目前企業對關鍵基礎設施的依賴度高,但國內關鍵基礎設施的主管機關卻分散給不同部會,未來建議可思考由單一統籌機關來負責的選項。

鄭明宗 司長(數位發展部 韌性建設司)簡報下載

鄭司長首先說明韌性即是風險應變能力,可分為事前的穩健力(Robustness)、備援力(Redundancy)和資源力(Resourcefulness),事中的應變力(Response)與事後的復原力(Recovery)。一旦發生戰爭、危及通訊,我國需釐清優先通訊項目,以維持通訊韌性。

通訊網路韌性則可分為海陸空三方面來看,海域主要為海纜、陸域為行動網路,空域則為非同步衛星。海纜方面,目前接入我國的國際海纜有14條,由於海纜傳輸容量最大,一旦遭斷,很難找到替代通訊方案,屆時臺灣恐淪為通訊孤島。為維護我國海纜韌性,政府已將國際海纜登陸站列為重要關鍵基礎設施,以督導海纜業者強化海纜通訊系統安全防護,確保我國對外通訊順暢。此外,政府已計畫增設國際海纜登陸站,並採隱匿方式,維護安全性。惟依照目前我國制度,國際海纜登陸流程需2-3年,為吸引國際海纜登陸,政府現已開始檢討流程的加速。

陸域行動網路方面,鄭司長說明要確保行動網路包括核網(core)、訊號傳輸與基地台三者之數位韌性,作法方面核網可置於雲端,而訊號傳輸則可透過低軌衛星協助;而在基地台方面,政府已開始推動相關計畫,於重大災害或戰爭等緊急情況發生時,讓不同業者基地台頻率共用,並透過PPDR(Public Protection and Disaster Relief,公共安全與救難應變)系統調度5G頻率。最後,政府亦透過災難漫遊,要求電信事業開放漫遊,使民眾可以接入不同電信業者的網路。

衛星方面,政府透過非同步軌道衛星強化網路韌性,確保政府指揮體系在戰爭或大規模災害發生時仍可向國民及國際發聲;低軌衛星安全將是未來重要環節。

簡連貴 教授(國立臺灣海洋大學河海工程學系 )簡報下載

簡教授首先概要介紹海纜架構,他從海纜鋪設會透過地下工程做法,讓海纜穿越海堤談起,並提及目前趨勢是將海纜部署於較深海域。為防止船隻破壞海纜,政府也可和漁船等利害關係人達成協議,規範海纜部署區域不能下錨。海纜串接方面,許多海纜站設置共同纜線管溝,進而把海纜串聯至國際纜站,進行連結。

在海纜故障修復方面,則可透過水下探測載具了解斷纜位置,再把損壞部分運至船上進行修復;目前我國在遇到這類狀況時,多透過國際海纜業者安排修復;而我國離島(如馬祖)鄰近中國,海域漁船多,海纜易遭破壞。他認為,海纜安全須政府和業者共同維護,海纜業者具有社會責任,需有防護規劃,待事件危害超越業者規劃時,政府部門甫介入協助為佳。

從國土角度來看,國際海纜站佈設、登陸點須配合國土空間與產業發展需求,目前海纜管線與沿岸風力發電廠有管線跨越問題,海纜也與用海單位存在競合問題,我國應透過國家層級進行海纜空間規劃,並將韌性和國安基礎設施考量在內。

海纜風險管理方面,海纜區位屬公開資訊,目前有船舶到達海纜區域時進行預警的機制;然海纜可能面臨人為破壞行為,簡教授建議檢視法規,釐清並加重破壞海纜的刑責。此外,臺灣須與菲律賓、中國和日本等鄰近國家協調,確保海纜安全。

承接上述,海纜安全需業者和政府共同維護。海纜使用者或通訊業者需善盡用海的企業社會責任,確保海纜安全性;政府須建立安全通道和警示系統,架構海纜安全管理機制,並促進海巡、數位通訊、航政、國土、國防等單位間的合作,配合預警和警示系統,妥善海纜風險管理。

從國家戰略來看,需有完善海纜安全的政策與法規,我國為海洋國家,有諸多法規和海纜鋪設有關,相關監管應進行跨部會協調,釐清海纜業務分工。

蘇紫雲 所長(國防安全研究院國防戰略與資源研究所)

蘇所長認為,海纜安全挑戰可從地緣政治與資安攻擊兩個角度來觀察。地緣政治方面,他舉例,美國政府於2019 年以安全為由否決Facebook 和Google資助的太平洋光纜,理由是該海纜連至香港,而香港須依法提供中國政府相關資料;資安攻擊方面,他引述美國前海軍上將James G. Stravridis說法,中俄都有能力透過機器人讀取海纜數位訊號,竊取資訊。

當一旦發生大規模戰爭導致通訊中斷時,蘇所長可區分內部網路(Intranet)與對外網路(Internet)來分析可能方案。在內部網路部分,其涵蓋基地台、有線電視網路、骨幹光纜與機房等設施,因數量多整體存活率高,他也建議應廣設基地台,並增加機房備轉發電機與儲油設備確保可用性,同時透過機房地下化和強固化,強化隱蔽性與安全性。

對外網路仍須仰賴衛星與海纜。一旦戰爭發生,可租用星鏈(starlink)、海事衛星、銥星(IridiumCommunications)等商用通訊衛星進行通訊;目前中華電信正研商後續「中新X」衛星計畫,該計畫可提供更大頻寬,維持政府備援。蘇所長建議我國發展國造低軌衛星,強化臺灣通訊韌性。海纜方面,我國亦可透過友善鄰國外國島嶼海纜、微波通訊提供網路。

詹婷怡 副理事長(數位經濟暨產業發展協會)

詹副理事長最後總結,目前僅有少數海纜維修業者可提供修復服務,造成海纜修復較慢,須透過微波通訊或增設海纜等手段,增加多元韌性。此外,過去海纜由傳統電信業者轉為科技業者主導的典範轉移下,也應有更多的科技產業加入海纜安全維護,確保資料能順利傳輸。