When it comes to “hackers,” the popular stereotype is that they steal information, filch money, and do other illegal acts. However, many hackers are also a positive force for network security. The Association of Hackers in Taiwan is committed to promoting cyber security awareness. The annual Hacks in Taiwan Conference (HITCON) is the largest hacker and cyber security technology seminar in Taiwan, and it is widely known in the global cyber security community.
The founder of the Association of Hackers in Taiwan, Tim Hsu, accepted an invitation for an exclusive interview with the MOST Center for Global Affairs and Science Engagement. He shared during this interview how white hat hackers in cyber security communicate with one another, assist the government and enterprises, and consolidate Taiwan's cyber security capacity.
HITCON, the largest cyber security event in Taiwan
HITCON enters its 17th session this November. With the goal of promoting cyber security awareness, HITCON brings cyber security technicians and white hat hackers together to exchange views and learn from each another. The Association of Hackers in Taiwan, the organizer, also assists the government and enterprises in setting the direction for cyber security policies as well as facilitating personnel exchanges in cyber security and employment matchmaking with enterprises. The Association has established a HITCON CTF team, created the HITCON GIRLS cyber security community, and has organized the HITCON CTF competition, the HITCON DEFENSE corporate cyber security offense and defense competition, HITCON Training, the HITCON HackDoor escape room, and many other activities to proactively consolidate Taiwan’s cyber security capacity from all angles.
The birth of HITCON is attributed to a group of young men with a passion for offensive and defensive hacking techniques. Tim Hsu, the founder and current director of the Association of Hackers in Taiwan, said that the annual global hacker contest DEFCON held in Las Vegas, USA is the world's most notable cyber security conference and continues to be a sanctuary for the hacker community to this day. Says Hsu, “In 2004, a bunch of buddies and I were hoping to imitate DEFCON and plan a cyber security seminar in Taiwan. We spent a year on the conception and planning. But the general social attitude at that time was that people had a negative impression of the word ‘hacker’, so we didn’t even dare to use the title ‘Hackers in Taiwan Conference’ when we were renting venues.”
In the early HITCONs, only a few dozen people who shared interests in cyber security were engaged in the exchanges. As the scale of the conference has grown larger and larger, the number of participants has now exceeded 1,500. With a wealth of activities, HITCON has gradually transformed into an internationally renowned cyber security event.
Offensive and defensive competitions to accelerate the cultivation of cyber security talents
Hsu believes that the term ‘hacker’ should be neutral. The biggest and key difference between ‘white hat’ hackers and ‘black hat’ hackers lies in whether knowledge and technology are used legitimately. It is precisely HITCON’s hope to help cyber security white hat hackers generate positive forces for society through community exchanges and publication of research and techniques.
The Ministry of Education has been promoting the Information Security Incubation Program since 2015. The program’s goal is to enhance colleges’ and universities’ cyber security teaching capacity, and to train contestants for international cyber security contests through industry-academic cooperation, as well as to develop cyber security talents who possess practical capabilities that can be used by the industry. HITCON’s social community influence also approaches on the cultivation of talents; connecting students, cyber security newcomers, and cyber security workers; absorbing cyber security knowledge; and making friends with like-minded individuals; The online attack and defense competition HITCON CTF has also been introduced into the Ministry of Education curriculum plan, where it has become a training ground for students to learn cyber security skills.
HITCON CTF attracts hackers from all over the world to compete together each year. Even more, the HITCON community has teamed up many times, and won second place at the DEFCON world offensive/defensive competition. Hsu observes, “For students, competitive activities make them motivated to learn. By analyzing and disassembling problems from previous years’ competitions, young people can improve their practical abilities more efficiently.”
In the past few years, many college students and senior high school students have teamed up with cross-school and cross-age groups to participate in the HITCON CTF challenge. Not only do they enjoy the fun of solving problems with team members and breaking through barriers, but they also get to realize what cyber security skills are required to find a job at an enterprise in the future.
CISO become “standard equipment” for the financial industry, accelerating cyber security industry development
Affected by the COVID-19 pandemic, the hybrid office has become the dominant model. The demand for remote network services has increased as well, which has also led to a significant increase in ransomware attacks. In particular, the financial industry and high-tech manufacturing industry have become targets for black hat hacker groups. The Financial Supervisory Commission announced this September that it will be mandatory for all financial enterprises to establish the position of CISO (Chief Information Security Officer) prior to the first quarter of next year, so as to strengthen the cyber security protection capabilities of Taiwan’s financial industry.
Hsu gives this analysis: “For most companies, their information personnel take responsibility for cyber security protection. However, from a certain point of view, information and cyber security should check and balance each other. Information is responsible for maintaining the system, while cyber security reduces the risk. Therefore, the establishment of that position – CISO – means that there will be a dedicated cyber security team to comprehensively detect threats and prevent cyber security loopholes.”
Hsu is optimistic about the significance of the benchmark set by this policy. Hsu says that Taiwan's cyber security industry is still in its infancy; with the financial industry taking the lead in establishing the position of CISO, it will create a ripple effect, where other upstream and downstream suppliers that cooperate with the financial industry will inevitably have to pay attention to cyber security regulations in the future. As a result, more and more industries will gradually follow suit, and the concept that “cyber security is national security” will be gradually implemented all the way from the government to the private sector!