Taiwan faces relentless cyber pressure, with China-linked actors launching 2.63 million intrusion attempts against Taiwan’s critical infrastructure every day. Yet last month, an unexpected breach halted four high-speed rail trains for 48 minutes when a Taiwanese college student used off-the-shelf radio equipment to spoof an emergency signal.
The student and amateur radio operator, a 23-year-old surnamed Lin (林), obtained configuration information for the high-speed rail’s radio communications system, called TETRA, and programmed his own radio equipment to imitate official signals. He bypassed seven security checks in the TETRA radio system, which reportedly had not had its encryption keys updated in the last 19 years. Police arrested Lin on April 28. This week, the Ministry of Transportation and Communications announced a one-month audit of rail communications.
Experts say the incident reflects deeper issues in Taiwan’s operational technology infrastructure, which runs physical systems like critical infrastructure. The information security community has been issuing warnings about the need to update TETRA “for a long time,” said Yi-Suo Tzeng (曾怡碩), a research fellow at the Institute for National Defense and Security Research. The incident should be “a wakeup call” for Taiwan, Tzeng said.
Hardening the resiliency of operational technology is a global challenge. It involves legacy equipment and facilities, which often lack well-developed playbooks for situations that were not anticipated when the systems were first designed. These systems also tend to operate in a closed, internal loop that receives less scrutiny — people assume everything is fine as long as nothing major goes wrong.
Typically, organizations running critical infrastructure don’t upgrade their operational technology systems until necessary due to failure, said Felix Wu (吳士駿), dean of the College of Electrical Engineering and Computer Science at National Cheng Kung University. He noted that it can be difficult to assess the cyber readiness of Taiwan’s critical infrastructure because relevant information is closely guarded, so it remains unclear what measures have been implemented to bolster resilience and what has been effective. Often, weaknesses only become visible when an incident like the high-speed rail breach occurs.
According to Crystal Tu (杜貞儀), another research fellow at the institute, the high-speed rail breach appears to stem less from a sophisticated cyberattack and more from weaknesses in physical device management and operational discipline. Lin may have been able to spoof parts of the system, likely through obtaining TETRA configuration parameters rather than breaking cryptographic protections directly. Police later arrested a 20-year-old accomplice with the surname Chen, who is suspected of providing the parameters to Lin. Chen claims he received the parameters from an online user.
That two amateur radio enthusiasts using commercially available tools could bring the high-speed rail to a standstill is especially striking given the far more complex and persistent cyber threat that Taiwan faces from China. In a session at the CYBERSEC conference in Taipei this week, Chuck Weissenborn, the chief technology officer at Dragos Public Sector, identified a new, China-linked cyberespionage group called Azurite that targets Taiwan and several other countries. Notably, Azurite seems to be focused on stealing the settings and behavior rules that underpin critical infrastructure. This is not espionage, but rather “preparation for an attack,” Weissenborn said. “The only reason you need to collect some of the information they are collecting is if you intend to cause an attack.”
Attacks on critical infrastructure create cascading failures across other sectors, said Ying-Dar Lin (林盈達), president of the National Institute of Cyber Security, in a speech at CYBERSEC. “That is why some people say that if China is going to attack Taiwan, they will hit Taiwan’s critical infrastructure. Because doing so would plunge the society and government into chaos, leaving them with no time to take care of the situation in the Taiwan Strait.”
While the impact of the emergency signal sent by Lin last month was mild, it underscores the risk that a spoof could give “a fatal directive” that leads to the loss of human life and the destruction of transportation infrastructure, said Tzeng, the research fellow at the Institute for National Defense and Security Research. An incident like this would stoke fear and anxiety among the public, Tzeng said, making it more difficult to “brace for the impact” of a Chinese invasion.