Agenda
14:00-14:05 Introduce
14:05-15:45 Panel Discussion
- Moderator:
Chan, Nicole T. I. ─Vice Chair, Digital Transformation Association - Penelists:
Lin, Max─ Government & Public Services Leader, Health Care Sector Leader Risk Advisory Managing Partner, Deloitte
Zheng, Ming-Zong ─Director, Department of Communications and Cyber Resilience, Ministry of Digital Affairs
Chien, Lien-Kwei ─Professor, Department of Harbor and River Engineering, National Taiwan Ocean University
Su, Tzu-yun─Research Fellow and Director, Division of Defense Strategy and Resources, Institute for National Defense and Security Research
**Presentation Download <Provided with the consent of the speaker>**
Lin, Max
Government & Public Services Leader, Health Care Sector Leader Risk Advisory Managing Partner, Deloitte
Lin’s presentation is mainly about how private sector response to such disasters. He first mentions that most local companies rely heavily on communication and digital infrastructure. The most pressing concern is whether they can continue to provide services in the event of network disruption. The scarcity of digital and cybersecurity talents is also a major challenge faced by enterprises.
He also points out that Taiwanese companies heavily rely on very few suppliers, making it difficult to prioritize recovery support to affected companies when suppliers encounter security incidents. It is suggested that, companies should identify the organization’s fundamental and core operational elements and protect them to maintain basic operations, in the case of cyber threat. When communication is disrupted, companies must convey accurate information to their employees to avoid additional risks arising from misinformation. In scenarios such as undersea cable disruptions, one of the measures that companies can take is system cloudification and overseas backups. However, Lin reminds companies to plan early and consider how to handle legacy systems that cannot be cloudified, as the process of system cloudification takes a long time.
The two key factors in maintaining digital resilience are the company’s own security management and the improvement of critical infrastructure protection. He uses the example of the Safe Harbor project in the United States to illustrate that the project emphasizes alliance autonomy and supply chain maintenance. If companies want to enter the supply chain environment, they must meet a certain level of security.
Finally, Lin also reminds that currently, companies rely heavily on critical infrastructure, but the responsibility for overseeing domestic critical infrastructure is divided among different ministries. In the future, it is recommended to consider the option of a single coordinating authority to be responsible for this.
Zheng, Ming-Zong
Director, Department of Communications and Cyber Resilience, Ministry of Digital Affairs
Director Zheng first explains that resilience refers to the ability to respond to risks and can be divided into pre-event robustness, redundancy, and resourcefulness, mid-event response, and post-event recovery. In the event of a war or communication crisis, the government should clarify communication priority in order to maintain communication resilience.
Communication network resilience can be examined from three aspects: sea, land, and air. In the maritime domain, there are mainly submarine cables, while the land domain refers to mobile networks, and the air domain involves non-geostationary satellites. Regarding submarine cables, there are currently 14 international submarine cables connected to Taiwan. Since submarine cables have the highest transmission capacity, it would be difficult to find alternative communication solutions once they are disrupted, potentially isolating Taiwan as a communication island. To maintain the resilience of our submarine cables, the government has designated international submarine cable landing stations as critical infrastructure to supervise cable operators in enhancing the security protection of submarine cable communication systems, ensuring smooth international communication for the country. In addition, the government has planned to increase the number of international submarine cable landing stations and adopt covert methods to ensure security. However, under the current system in Taiwan, the international submarine cable landing process takes 2-3 years. To attract international submarine cable landings, the government has initiated a review of the process for acceleration.
Zheng further explains that digital resilience for mobile networks includes the core network, signal transmission, and base stations. In terms of approach, the core network can be placed in the cloud, while signal transmission can be assisted by low Earth orbit satellites. As for base stations, the government has started promoting related projects to enable different operators to share base station frequencies during major disasters or emergencies such as wars. Through the Public Protection and Disaster Relief (PPDR) system, 5G frequencies can be coordinated. Lastly, through disaster roaming, the government requires telecom operators to open up roaming, allowing people to access networks from different telecom providers.
In terms of satellites, the government is enhancing network resilience through non-geostationary satellites to ensure that the government command system can still communicate with the public and the international community during wars or large-scale disasters. Low Earth orbit satellite security will be an important aspect in the future.
Chien, Lien-Kwei
Professor, Department of Harbor and River Engineering, National Taiwan Ocean University
Chien first provides an overview of submarine cable infrastructure. He mentions that submarine cables are laid through underground engineering, allowing them to pass through sea dikes. The current trend is to deploy submarine cables in deeper waters. To prevent damage to submarine cables by ships, the government can reach agreements with stakeholders such as fishing vessels to regulate areas where anchoring is prohibited. In terms of cable interconnection, many cable stations have shared cable ducts to connect submarine cables to international cable stations.
Regarding submarine cable fault repair, underwater survey vehicles can be used to locate cable breaks, and the damaged sections can be brought onboard ships for repairs. Currently, when such incidents occur in Taiwan, international cable operators are often responsible for arranging repairs. However, the outlying islands (such as Matsu) are closer to China and have many fishing vessels in their waters, making submarine cables more vulnerable. Professor Jian believes that submarine cable security requires joint efforts from the government and industry stakeholders. Cable operators have social responsibilities and need to have protection plans. When incidents exceed the capabilities of the operators’ plans, government intervention and assistance are preferable.
He further indicated that placement of international cable stations and landing points should align with national spatial and industrial development needs. Currently, there are issues with submarine cable pipelines crossing paths with coastal wind power plants, as well as conflicts with marine. The country should engage at the national-level spatial planning for submarine cables, considering resilience and national security infrastructure.
Regarding submarine cable risk management, the location of submarine cables is public information, and there are mechanisms in place to provide alerts when vessels enter cable zones. However, submarine cables may face risks of sabotage. Professor Jian suggests reviewing regulations to clarify and increase the penalties for damaging submarine cables. Additionally, Taiwan should coordinate with neighboring countries such as the Philippines, China, and Japan to ensure submarine cable security.
In conclusion, submarine cable security requires joint efforts from industry stakeholders and the government. Users or telecommunication providers utilizing submarine cables must fulfill their corporate social responsibility to ensure their security. The government needs to establish secure channels and warning systems, structure submarine cable security management mechanisms, and promote cooperation among units such as coast guard, digital communications, aviation administration, land planning, and defense. This collaboration should complement the warning and alert systems and effectively manage submarine cable risks.
From national strategic perspective, comprehensive policies and regulations for submarine cable security are mandatory. Taiwan is an island nation surrounded by the ocean. With various regulations related to submarine cable laying, and relevant oversight should involve interdepartmental coordination to clarify the division of responsibilities in the submarine cable industry.
Su, Tzu-yun
Research Fellow and Director, Division of Defense Strategy and Resources, Institute for National Defense and Security Research
Su believes that submarine cable security challenges can be observed from two perspectives: geopolitical and cybersecurity attacks. In terms of geopolitics, he gives an example of the US government vetoing a Pacific cable funded by Facebook and Google in 2019 on security grounds. The reason was that the cable connected to Hong Kong, which is required to provide relevant information to the Chinese government according to the law. Regarding cybersecurity attacks, he quotes former US Navy Admiral James G. Stavridis, who stated that both China and Russia have the capability to intercept digital signals from submarine cables using robots and steal information.
In the event of a large-scale war leading to communication disruptions, Su distinguishes the the event into the internal network and the external network to analyze possible solutions. For the internal network, it encompasses facilities such as base stations, cable television networks, backbone optical cables, and data centers. Due to their large quantity, the overall survivability is high. He also suggests expanding the deployment of base stations and increasing the backup power generators and fuel storage equipment in data centers to ensure availability. Additionally, enhancing the underground and fortification capabilities of data centers can improve concealment and security.
The external network still relies on satellites and submarine cables. In the event of a war, commercial communication satellites such as Starlink, maritime satellites, and Iridium Communications can be leased for communication purposes. Currently, Chunghwa Telecom is discussing the future satellite project, which can provide greater bandwidth and serve as a government backup. Director Su recommends the development of domestically produced low Earth orbit satellites to strengthen Taiwan’s communication resilience. In terms of submarine cables, Taiwan can also utilize friendly neighboring countries’ submarine cables and microwave communication to provide network connectivity.
Chan, Nicole T. I.
Vice Chair, Digital Transformation Association
Chan concludes by stating that currently, only a few submarine cable maintenance providers resulting in slower cable repairs. Therefore, it is necessary to increase resilience through means such as microwave communication or the addition of new submarine cables. With the paradigm shift from traditional telecommunications operators to technology companies leading the submarine cable industry, more involvement from the technology industry is needed to ensure smooth data transmission and enhance submarine cable security.