Tensions over Taiwan continue to run high, and the United States estimates that the country now faces tens of millions of Chinese cyber attacks each month. A proposed cyber defense bill, which has support on both sides of the political aisle, would authorize the U.S. Department of Defense (DoD) to ramp up training and direct cooperation on defensive measures.
The proposal comes as Chinese aggression toward the nation is slowly but meaningfully ramping up, with both an increase in military drills and presence near the island and an increase in cyber attacks. Assorted intelligence sources maintain that China is planning a potential invasion of Taiwan to take place at some point within the next decade.
Chinese cyber attacks seen as opening salvo in possible future invasion
The Taiwan Cybersecurity Resiliency Act has bipartisan sponsorship in both the House and Senate. Introduced by Democrat Senator Jacky Rosen of Nevada, the legislation is meant to assist Taiwan in becoming a “well armed porcupine” prepared to repel China in an invasion scenario.
Sponsor Mike Gallagher, Republican Representative from Wisconsin, notes that Chinese cyber attacks on Taiwan are already taking place, spanning from influence operations to attempts on public infrastructure and military targets. Given the amount and quality of these attacks, the nation requires a fully modernized cyber defense program that is prepared for the cutting edge of hacking techniques. Rosen added that Taiwan is used as a testing ground for attacks later deployed by China’s advanced persistent threat (APT) groups against targets in the United States.
If the bill passes, it would authorize several different programs to be overseen by the Secretary of Defense. It would provide cybersecurity training and exercises for Taiwan, but it would also see the US take a more active role in Taiwan’s cyber defense. It calls for use of US cybersecurity technologies to help defend Taiwan, including specific programs for the country’s military networks, infrastructure and systems. The most interesting point is a call for the US to eliminate “ongoing malicious cyber activity targeting Taiwan,” something that suggests offensive hacking.
The lawmakers said that Taiwan faced 20 to 40 million Chinese cyber attacks in 2019, and the number may well have increased since. These “attacks” are not necessarily destructive hacks, however, as China is fond of propaganda and misinformation campaigns in the region. For example, after U.S. House Speaker Nancy Pelosi’s controversial visit to the island in 2022, Chinese agents spread fake messages of incoming missiles and evacuations on social media and hacked digital signs at train stations and 7-Eleven convenience stores throughout the country. Significant resources appear to be committed to evading cyber defenses as these agents often establish profiles making them appear to be legitimate citizens for months or years.
Chinese cyber attacks also often take the form of simple distributed denial of service (DDoS) campaigns, meant to temporarily knock a website offline; this happened to president Tsai Ing-wen’s official government website after the Pelosi visit. The Chinese cyber attacks generally increase in frequency just before and after geopolitical events of this nature.
Cyber defense pledge would raise questions about American military commitment
Much of the present tension in Taiwan is driven by the unresolved question of whether the US would commit military resources to defend the island if China attacked, and to what degree. China has appeared to be probing this situation with increased air and naval drills that cross into Taiwanese territory.
The Taiwan Relations Act formally stipulates that the US will provide Taiwan with armaments to defend itself should China engage in an unprovoked attack, but the country’s policy on actually confronting China directly with military force remains unclear. Joe Biden made a controversial comment to this effect in September 2022 in response to a reporter’s question, seeming to confirm that the US military would get involved in Taiwan’s defense (a break from previous administrations that have played coy by arming the nation while also maintaining an official policy of not recognizing it as an independent state). After the Biden interview, the White House clarified that official policy had not changed.
The terms of the proposed bill are thus interesting, as they appear to go beyond cyber defense to make room for active “hacking back” of Chinese cyber capabilities being used against Taiwan. Some degree of this sort of thing is always expected to be taking place in the shadows, but this seems a more open policy of potentially inflammatory attacks on Chinese cyber resources.
The US Indo-Pacific Command has recently told Congress that it is seeking to streamline and integrate communications among allies in the region, noting that there are currently 13 separate networks and expressing a desire for a “single pane of glass” that could serve not just as a communications portal but also as a central hub for regional cyber defense and deterrence of Chinese cyber attacks.