
The Institute for National Defense and Security Research (INDSR, 財團法人國防安全研究院) is dedicated to advancing knowledge-based policy analysis and strategic assessment in support of Taiwan’s national security and defense strategy. Established on May 1, 2018, and headquartered in Taipei, Taiwan, INDSR serves as a hub for rigorous analysis, informed dialogue, and innovative thinking. The Institute is committed to generating forward-looking insights and fostering impactful discussions on a broad spectrum of critical issues, including international security and defense policy, China’s political and military developments, emerging and non-traditional security threats, hybrid and cognitive warfare, and cybersecurity. INDSR is organized into four specialized research divisions: the Division of National Security Research, the Division of Chinese Politics, Military and Warfighting Concepts, the Division of Cyber Security and Decision-Making Simulation, and the Division of Defense Strategy and Resources.

Institute for National Defense and Security Research (INDSR) A.I CyberSecurity Scoring

INDSR

Company Details

LinkedIn ID: institute-for-national-defense-and-security-research
Employees number: 18
Number of followers: 553
NAICS: 54172
Industry Type: Think Tanks
Homepage: indsr.org.tw
IP Addresses: 0
Company ID: INS_4199932
Scan Status: In-progress

INDSR Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
INDSR Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

INDSR Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1
Chinese Ministry of National Defense (or relevant maritime security agency under the Chinese government)
Cyber Attack
Severity: 100
Impact: 8
Seen: 10/2024
Rankiteo Explanation: Attack that could lead to a war

Description: In October 2024, China exposed the deployment of covert **underwater deep-sea spying devices**—dubbed 'underwater lighthouses'—by foreign adversaries near its territorial waters. These sophisticated systems, disguised as scientific research equipment, were actively **monitoring naval movements**, gathering **classified maritime intelligence**, and potentially guiding espionage operations. The breach compromises China’s **strategic military positioning**, undermines **maritime sovereignty**, and escalates geopolitical tensions in the Asia-Pacific region.

The infiltration threatens **national security protocols**, as the stolen data could include **submarine routes, fleet deployments, and underwater communication networks**. Given the devices’ proximity to disputed zones (e.g., the South China Sea), the incident risks **exacerbating territorial conflicts** and could provoke retaliatory cyber or kinetic responses. The Chinese government has demanded **counterespionage measures**, but the long-term damage includes **eroded trust in maritime research collaborations**, **increased militarization of the region**, and the potential for **asymmetric warfare tactics** (e.g., sabotage of critical underwater infrastructure). The attack’s scale and targeting of **state-level defense assets** align with high-stakes cyber-physical threats.


Underwriter Stats for INDSR

Incidents vs Think Tanks Industry Average (This Year)

No incidents recorded for Institute for National Defense and Security Research (INDSR) in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Institute for National Defense and Security Research (INDSR) in 2025.

Incident Types INDSR vs Think Tanks Industry Avg (This Year)

No incidents recorded for Institute for National Defense and Security Research (INDSR) in 2025.

Incident History — INDSR (X = Date, Y = Severity)

INDSR cyber incidents detection timeline including parent company and subsidiaries


INDSR Similar Companies

Fundacion IDEA

Fundación IDEA was founded in 2005; it was one of the first public policy think tanks in Mexico. It is a non-profit, independent organization whose mission is to design and promote innovative public policies which generate equal opportunities for Mexicans, as well as for people of other countries.

Institute for Justice and Reconciliation (IJR)

The Institute for Justice and Reconciliation (IJR) was launched in the year 2000, in the aftermath of South Africa's Truth and Reconciliation Commission. The aim was to ensure that lessons learnt from South Africa's transition from apartheid to democracy were taken into account as the nation moved a

Centre for Civil Society

Centre for Civil Society advances social change through public policy. Our work in education, livelihood, and policy training promotes choice and accountability across the private and public sectors. To translate policy into practice, we engage with policy and opinion leaders through research, pilot

Aspen Digital

Aspen Digital is a nonpartisan technology and information-focused organization that brings together thinkers and doers to uncover new ideas and spark policies, processes, and procedures that empower communities and strengthen democracy. A future-focused program of the Aspen Institute, we inspire col

CPO Track®

CPO Track® is a global community for product leaders and executives. It is a network created for product executives, by product executives. It offers a safe platform for members to build peer networks; learn new skills; participate in high quality events; access experts, investors, mentors, coache

Openly Disruptive

Openly Disruptive is a public think tank. We engage the people creating tomorrow with public events, innovative content, open innovation platforms and private consulting. We believe solutions to our biggest challenges and opportunities come from collaboration around open technology, lean and agi


INDSR CyberSecurity News

October 23, 2024 07:00 AM
Release of the 2024 Third Wave of the "Taiwan Defense Security Public Opinion Survey" by the INDSR for External Use

This initiative aims to provide recommendations for government defense policies while also releasing all survey data for external researchers and experts.

August 13, 2024 07:00 AM
Chinese apps a potential security risk, experts say

Chinese apps are a potential national security risk because of China's authoritarian political system, two Institute for National Defense and Security Research...

May 17, 2024 07:00 AM
Volume 13 Issue 1

Recently, the United States has grown more apprehensive regarding the potential of a People's Republic of China (PRC) invasion of Taiwan.

September 04, 2023 07:00 AM
Volume 12 Issue 1

Institute for National Defense and Security Research.

November 29, 2022 11:17 PM
INDSR and CEEEP Ink MOU

Cooperation between the Institute for National Defense and Security Research and the Peruvian Army Center for Strategic Studies (CEEEP).

October 12, 2022 04:54 AM
Dialogue with the Public: Changes and Continuity in Taiwanese Views on Defense & Security

In a recent conference, scholars and researchers presented findings of their analysis of defense and security surveys commissioned by the Institute of...

June 29, 2022 11:10 PM
Volume 7 Issue 2

Commander Ma delivered this speech as the lunch keynote on October 8, 2018, at the 2018 Defense Forum on Regional Security, which focused on the theme of...

June 26, 2022 09:25 AM
Volume 9 Issue 2

By Jung-Ming Chang[1]. Introduction. After Liu Huaqing, former admiral of the People's Liberation Army Navy (PLAN) of the People's Republic of China...

May 27, 2021 07:00 AM
US Marines, Taiwan could repel invasion: study

As the US Marines face their biggest reorganization in 100 years, shifting from a second land army to smaller amphibious units stationed...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

INDSR CyberSecurity History Information

Official Website of Institute for National Defense and Security Research (INDSR)

The official website of Institute for National Defense and Security Research (INDSR) is https://indsr.org.tw/en/index.

Institute for National Defense and Security Research (INDSR)’s AI-Generated Cybersecurity Score

According to Rankiteo, Institute for National Defense and Security Research (INDSR)’s AI-generated cybersecurity score is 739, reflecting their Moderate security posture.

How many security badges does Institute for National Defense and Security Research (INDSR) have ?

According to Rankiteo, Institute for National Defense and Security Research (INDSR) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Institute for National Defense and Security Research (INDSR) have SOC 2 Type 1 certification ?

According to Rankiteo, Institute for National Defense and Security Research (INDSR) is not certified under SOC 2 Type 1.

Does Institute for National Defense and Security Research (INDSR) have SOC 2 Type 2 certification ?

According to Rankiteo, Institute for National Defense and Security Research (INDSR) does not hold a SOC 2 Type 2 certification.

Does Institute for National Defense and Security Research (INDSR) comply with GDPR ?

According to Rankiteo, Institute for National Defense and Security Research (INDSR) is not listed as GDPR compliant.

Does Institute for National Defense and Security Research (INDSR) have PCI DSS certification ?

According to Rankiteo, Institute for National Defense and Security Research (INDSR) does not currently maintain PCI DSS compliance.

Does Institute for National Defense and Security Research (INDSR) comply with HIPAA ?

According to Rankiteo, Institute for National Defense and Security Research (INDSR) is not compliant with HIPAA regulations.

Does Institute for National Defense and Security Research (INDSR) have ISO 27001 certification ?

According to Rankiteo, Institute for National Defense and Security Research (INDSR) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Institute for National Defense and Security Research (INDSR)

Institute for National Defense and Security Research (INDSR) operates primarily in the Think Tanks industry.

Number of Employees at Institute for National Defense and Security Research (INDSR)

Institute for National Defense and Security Research (INDSR) employs approximately 18 people worldwide.

Subsidiaries Owned by Institute for National Defense and Security Research (INDSR)

Institute for National Defense and Security Research (INDSR) presently has no subsidiaries across any sectors.

Institute for National Defense and Security Research (INDSR)’s LinkedIn Followers

Institute for National Defense and Security Research (INDSR)’s official LinkedIn profile has approximately 553 followers.

NAICS Classification of Institute for National Defense and Security Research (INDSR)

Institute for National Defense and Security Research (INDSR) is classified under the NAICS code 54172, which corresponds to Research and Development in the Social Sciences and Humanities.

Institute for National Defense and Security Research (INDSR)’s Presence on Crunchbase

No, Institute for National Defense and Security Research (INDSR) does not have a profile on Crunchbase.

Institute for National Defense and Security Research (INDSR)’s Presence on LinkedIn

Yes, Institute for National Defense and Security Research (INDSR) maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/institute-for-national-defense-and-security-research.

Cybersecurity Incidents Involving Institute for National Defense and Security Research (INDSR)

As of December 05, 2025, Rankiteo reports that Institute for National Defense and Security Research (INDSR) has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

Institute for National Defense and Security Research (INDSR) has an estimated 812 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Institute for National Defense and Security Research (INDSR) ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

How does Institute for National Defense and Security Research (INDSR) detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with enhanced maritime surveillance and counterespionage measures; containment measures with increased patrol of disputed waters and technological countermeasures against underwater devices; remediation measures with development of underwater detection systems and diplomatic protests; a communication strategy with public warning issuance and media statements on national security risks; and enhanced monitoring with underwater sensor networks and naval movement tracking.

Incident Details

Can you provide details on each incident ?

Incident : espionage

Title: Warning on Foreign Underwater Espionage Devices Near Chinese Waters

Description: In October 2024, China issued a warning about foreign nations deploying advanced deep-sea spying devices near its waters, referred to as 'underwater lighthouses.' These devices are alleged to monitor China's naval movements and collect sensitive maritime data under the guise of scientific research. The Chinese government emphasized the risks to national security and maritime sovereignty, calling for heightened vigilance and countermeasures. The revelation coincides with escalating regional tensions, particularly over territorial disputes and the strategic importance of maritime zones in the Asia-Pacific.

Date Detected: 2024-10

Date Publicly Disclosed: 2024-10

Type: espionage

Attack Vector: underwater surveillance devices, deep-sea spying technology, covert data collection

Vulnerability Exploited: maritime domain awareness gaps, underwater sensor network vulnerabilities, misuse of scientific research cover

Threat Actor: foreign nation-states, unidentified state-sponsored actors

Motivation: military intelligence gathering, strategic maritime dominance, geopolitical advantage, territorial dispute leverage

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through deployment of underwater devices in international waters near Chinese territory.

Impact of the Incidents

What was the impact of each incident ?

Incident : espionage INS357092125

Data Compromised: Naval movement data, Sensitive maritime intelligence, Underwater sensor data

Systems Affected: maritime surveillance systems, naval operational security

Operational Impact: compromised maritime sovereignty, increased counterespionage costs, disruption of naval secrecy

Brand Reputation Impact: perceived vulnerability in maritime defenses, geopolitical distrust

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Military Naval Data, Maritime Geographic Intelligence and Underwater Acoustic Signals.

Which entities were affected by each incident ?

Incident : espionage INS357092125

Entity Name: People's Republic of China

Entity Type: government

Industry: defense, maritime security, national security

Location: China (coastal and offshore waters)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : espionage INS357092125

Incident Response Plan Activated: enhanced maritime surveillance, counterespionage measures

Containment Measures: increased patrol of disputed waters, technological countermeasures against underwater devices

Remediation Measures: development of underwater detection systems, diplomatic protests

Communication Strategy: public warning issuance, media statements on national security risks

Enhanced Monitoring: underwater sensor networks, naval movement tracking

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as enhanced maritime surveillance and counterespionage measures.

Data Breach Information

What type of data was compromised in each breach ?

Incident : espionage INS357092125

Type of Data Compromised: Military naval data, Maritime geographic intelligence, Underwater acoustic signals

Sensitivity of Data: high (national security-level)

Data Exfiltration: likely (via underwater transmission to foreign actors)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: development of underwater detection systems and diplomatic protests.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through increased patrol of disputed waters and technological countermeasures against underwater devices.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : espionage INS357092125

Regulations Violated: UNCLOS (United Nations Convention on the Law of the Sea) - potential misuse of scientific research provisions

Legal Actions: diplomatic protests, potential international legal challenges

Regulatory Notifications: internal government alerts, public security advisories

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through diplomatic protests and potential international legal challenges.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : espionage INS357092125

Lessons Learned: Need for advanced underwater detection capabilities to counter covert surveillance, Importance of distinguishing legitimate scientific research from espionage activities, Strategic value of maritime data in modern geopolitical conflicts

What recommendations were made to prevent future incidents ?

Incident : espionage INS357092125

Recommendations: Invest in underwater drone detection technologies, Strengthen international maritime law enforcement cooperation, Develop countermeasures for deep-sea espionage devices, Enhance transparency in scientific research activities near territorial waters

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Need for advanced underwater detection capabilities to counter covert surveillance, Importance of distinguishing legitimate scientific research from espionage activities, and Strategic value of maritime data in modern geopolitical conflicts.

References

Where can I find more information about each incident ?

Incident : espionage INS357092125

Source: Chinese Government Statement (October 2024)

Date Accessed: 2024-10

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at Chinese Government Statement (October 2024), accessed 2024-10.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : espionage INS357092125

Investigation Status: ongoing (government-led counterespionage efforts)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Warning Issuance and Media Statements On National Security Risks.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : espionage INS357092125

Stakeholder Advisories: Maritime Security Agencies, Naval Forces, Coastal Defense Units.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Maritime Security Agencies, Naval Forces and Coastal Defense Units.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : espionage INS357092125

Entry Point: Deployment Of Underwater Devices In International Waters Near Chinese Territory

Reconnaissance Period: unknown (likely long-term, given underwater device nature)

High Value Targets: Chinese Naval Bases, Submarine Routes, Strategic Maritime Chokepoints

Data Sold on Dark Web: Chinese Naval Bases, Submarine Routes, Strategic Maritime Chokepoints

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : espionage INS357092125

Root Causes: Lack Of Comprehensive Underwater Surveillance Capabilities, Exploitation Of Scientific Research As Cover For Espionage, Geopolitical Tensions Enabling Covert Intelligence Operations

Corrective Actions: Development Of Dedicated Underwater Anti-Espionage Units, Implementation Of Stricter Maritime Research Activity Monitoring, Diplomatic Pressure On Nations Suspected Of Deploying Spy Devices

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Underwater Sensor Networks and Naval Movement Tracking.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Development Of Dedicated Underwater Anti-Espionage Units, Implementation Of Stricter Maritime Research Activity Monitoring, and Diplomatic Pressure On Nations Suspected Of Deploying Spy Devices.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was foreign nation-states, unidentified state-sponsored actors.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-10.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-10.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were naval movement data, sensitive maritime intelligence and underwater sensor data.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was maritime surveillance systems, naval operational security.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were increased patrol of disputed waters and technological countermeasures against underwater devices.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were sensitive maritime intelligence, underwater sensor data and naval movement data.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was diplomatic protests, potential international legal challenges.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Strategic value of maritime data in modern geopolitical conflicts.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Enhance transparency in scientific research activities near territorial waters, Develop countermeasures for deep-sea espionage devices, Strengthen international maritime law enforcement cooperation and Invest in underwater drone detection technologies.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is Chinese Government Statement (October 2024).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (government-led counterespionage efforts).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was maritime security agencies, naval forces, coastal defense units.

Initial Access Broker

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was unknown (likely long-term, given underwater device nature).


Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information (CVSS v3)
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information (CVSS v4)
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information (CVSS v4)
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=institute-for-national-defense-and-security-research' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.