《TAIPEI TIMES》 Taiwan lags in info security production
FOREIGN-RELIANT: Only through local development and production can Taiwan ensure that critical information is secure and protected, industry experts said
By Ou Yu-hsiang and William Hetherington / Staff reporter, with staff writer
Taiwan still largely relies on foreign manufacturers for information security-related software and hardware systems, and should strive to boost domestic production to improve security, experts said yesterday.
The government has over the past few years called on listed companies to bolster information security management, including through the establishment of dedicated information security departments, Taipei University of Technology vice president Yang Shih-hsuan （楊士萱） said.
However, the Executive Yuan’s list of information security software manufacturers still mainly comprises foreign companies, he said.
“Both industry and academia agree that policy support for domestic production of information security software should be strengthened,” he said.
“This is the only way we can protect information that is crucial to national security. In particular, Taiwan’s critical infrastructure needs to be made domestically,” he said.
Taiwan has the highest frequency of cyberattacks in Asia due to its geopolitical status, and information security risks in the country would only worsen as industries move software systems to the cloud and introduce artificial intelligence into their operations, he said.
“The government should approach the situation in the same manner as it does the domestic development of naval warships, encouraging the government and private industry to jointly strengthen cybersecurity capabilities,” he said.
Information security products can help a company or government agency quickly get a grasp of the weaknesses in their software systems, information security specialist Liu Yan-po （劉彥伯） said.
“Although the majority of systems used in Taiwan are from major companies in the US and Israel, there is no guarantee of their reliability, which is why Taiwan must seek to make these systems locally,” he said.
Although there is consensus among researchers in Taiwan that information security is a core industry, Taiwan lacks regulations governing the sourcing of information security products, Democratic Progressive Party Legislator Puma Shen （沈伯洋） said, adding that even domestically made products often contain China-made components.
“The government must first define what constitutes ‘made in Taiwan’ when it comes to such products before it can draft relevant legislation on their manufacture,” he said.
However, the development of information security products would initially require comprehensive data collection and is capital-intensive, which Taiwanese start-ups are often unable to afford, Systex Solutions Corp （精誠資訊） vice president Chan Yi-cheng （詹伊正） said.
Consequently, few Taiwanese companies produce information security software and hardware systems entirely on their own, and most often operate as agents of larger companies, Chan said.
Exacerbating the situation is Taiwan’s relatively small market and difficulty securing talent, he said.
“There is a shortage of about 80,000 people in the industry, with the highest demand being for network security analysts and managers,” he said.
Chan attributed the shortage to the time it takes to train talent, which requires a background in information technology, in addition to six months of legal training, one year of field-specific training, and at least two years of experience dealing with information security incidents prior to permanent employment, he said.
“Therefore, although many listed companies actively train people, it is difficult to keep up with the talent gap and the industry’s rapid expansion,” he said.