Analyzing Taiwan’s Readiness and Response to PRC Offensive Cyber Operations

DALL%C2%B7E 2024 01 28 14.37.37 A digital art illustration for an article header. The image is a conceptual depiction of cyber warfare and cybersecurity between Taiwan and the People

Offensive cyber operations (OCOs) are a critical component of the PLA’s zero-sum “intelligentized” warfare strategy against Taiwan, which the Russian war in Ukraine has only reinforced (Takagi 2022). OCOs allow the PLA to engage in confrontation against Taiwan while staying below the armed conflict threshold of its use-of-force spectrum (Lee and Clay 2022), making them the optimal tool to influence and psychologically intimidate the Taiwanese populace. Thus, combined with conventional military threats, the PRC has extensively utilized OCOs to exert pressure, sow dissent, conduct espionage, and sabotage infrastructure in Taiwan, targeting government and military networks, critical infrastructure, private corporations, and academic institutions (Farmer 2022). In fact, Taiwan has been the country most targeted by disinformation since 2013 (Brandt et al. 2022), much of it from the PRC (Wang 2022). Furthermore, given that Taiwan is a global technological hub at the forefront of semiconductor innovation, the PRC has also extensively pursued cyber intrusions to steal the intellectual property of Taiwan’s semiconductor industry (Greenberg 2020).

Taiwan’s current President, Tsai Ing-wen, has continually emphasized the importance of cybersecurity throughout her administration. Tsai has not only vocally stressed the importance of resilient cybersecurity mechanisms to protect Taiwan, but also created significant new agencies, frameworks, and research and educational initiatives to tackle PRC OCOs. Supplementing her statement that “cybersecurity is national security” (Formosa TV 2022), Tsai has highlighted the importance of international cooperation in strengthening national security in cyberspace (OCAC 2023). While Tsai has accentuated the centrality of dynamic Taiwanese cyber defenses through her words and actions, Taiwan has not sufficiently hardened its cyber defenses throughout her two terms. Tsai could implement more effective policies to unleash Taiwan’s cyber potential fully.

Recognizing the value of OCOs, the PRC has extensively developed its offensive cyber capabilities over the past few decades. The Office of the Director of National Intelligence’s 2023 Annual Threat Assessment (ATA) noted that the PRC is likely the “broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks” (CISA, n.d.). The ATA further notes that the PRC is almost certainly capable of launching OCOs to disrupt critical US infrastructure and military assets, conduct political and industrial espionage, manipulate and censor discourse, initiate influence campaigns, and pre-position advanced persistent threats (APTs) (ODNI 2023). Besides organized state-sponsored cyber units like the PLA’s Unit 61398 (Sanger, Barboza, and Perlroth 2013), the PRC has extensively supported non-state “patriotic hackers” launching OCOs as well (CFR 2017). Given Taiwan’s proximity, small size, and unique situation, however, it is even more exposed to PRC cyber threats.

From the first major PRC-Taiwan cyber confrontation in 1999, when PRC hackers hacked into Taiwanese computer networks after Taiwan’s president called for equal PRC-Taiwan global representation (Laris 1999), Taiwan has continually been under attack by PRC OCOs. As such, both presidents preceding Tsai, Chen Shui-bian and Ma Ying-jeou, have launched a total of four successive cybersecurity programs (Jing 2019). In Chen’s “Phase 1 Mechanism Program” (2001-2004), he created the National Information and Communication Security Taskforce (NICST) to establish categorizations for various cyber threat levels and basic cybersecurity protection systems for 3,713 Taiwanese government agencies. Chen followed up his initial Program with the “Phase 2 Mechanism Program” (2005-2008), bringing educational institutions into the cybersecurity protection systems, expanding the number of agencies covered to 6,797, and establishing the National Security Operations Center (N-SOC) modeled off the US National Security Agency’s SIGINT-reporting equivalent.

Ma succeeded Chen with the “Phase 3 Development Program” (2009-2012), implementing dozens of action plans to improve cybersecurity information sharing and readiness, engaging civil society in cybersecurity, and establishing the Government Information Sharing and Analysis Center (G-ISAC). Within G-ISAC, Ma hoped to develop early warning and standardized cyber incident response procedures (National Institute of Cyber Security 2023). In Ma’s second term, he initiated the “Phase 4 Development Program” (2013-2016), reforming N-SOC with private sector input, encouraging Taiwanese cybersecurity industry development, increasing cybersecurity incident simulations, and expanding cybersecurity talent initiatives and international exchange. However, while admitting that Taiwan continues to face PRC OCOs, Ma himself conceded that closer cross-strait ties during his tenure led to “occasional incidents” of Taiwan’s secrets being leaked to the PRC (Mishkin and Pilling 2013). Furthermore, during Ma’s second term, Taiwan’s National Security Bureau (NSB) warned that PRC OCOs targeting Taiwan had begun expanding beyond stealing information to gradually destroying critical infrastructure (Kan 2013). As such, closer PRC-Taiwan economic ties under Ma seem to have increased complex interdependence (Keohane and Nye 1977). From a constructivist lens, it would naturally follow that Taiwan’s cybersecurity policies may be less stringent and enforced during Ma’s tenure (Checkel 1998).

While Ma made some steps toward improving Taiwan’s cybersecurity landscape, Tsai took office amidst “severe” cyberattacks from the PRC (Tiezzi 2014) as Taiwan was becoming a “testing ground” for sophisticated PRC OCOs (Gold 2013). Given Tsai’s rejection of the 1992 Consensus and attempt to distance Taiwan from the PRC, the PRC has targeted Taiwanese government agencies alone with thousands of daily cyberattacks (Maizland 2023), up from cyberattacks every few days during the Ma administration (Tiezzi 2014). Furthermore, as Tsai sought to lessen Taiwan’s dependence on the PRC, she faced the dilemma of balancing cybersecurity with economic development and trade, given that Ma’s tenure catapulted the PRC to Taiwan’s largest trading partner (International Trade Administration 2022) and source of tourists (Glaser et al. 2018). Given Tsai’s firm convictions on Taiwanese sovereignty, a constructivist lens can again be applied to frame Tsai’s cyber policies. As such, it would logically ensue that the policies of Tsai’s administration assiduously attempt to diversify Taiwan’s economic ties and reduce its vulnerability to PRC cyber intrusions. Even more concerningly, Ma’s administration left an apparent lack of organizational and legal effectiveness in Taiwan’s cybersecurity apparatus. While NICST was supposed to be the central interagency cybersecurity governance mechanism, its secretariat was relegated to an ad-hoc level within the Executive Yuan. Moreover, Ma’s existing government cybersecurity regulations were only executive orders, and cybersecurity legislation was nonexistent.

Tsai Ing-wen’s First Term

After beginning her term, Tsai began focusing on strengthening Taiwan’s cyber infrastructure through her “Phase 5 National Cyber Security Program (2017-2020)” (NICST 2017). Given concerns over the neglected state of Taiwan’s cybersecurity, Tsai more than doubled Taiwan’s cybersecurity budget from $1.5 billion NTD ($48 million USD) to $3.7 billion NTD ($119 million USD) (Executive Yuan 2018). With an increased budget, Tsai reorganized NICST’s secretariat into a higher-level Department of Cybersecurity (DCS) in August 2016 and pushed the Cyber Security Management Act (CSMA) through the Legislative Yuan in May 2018 (Jing 2019). However, the first cracks already began appearing, with DCS falling 552 people short of its 1,224 full-time staffing goal (Liberty Times 2018). Along with the DCS under the Executive Yuan, Tsai also completed the cyber “Iron Triad” with the National Information and Communications Security Office (NICSO) under Taiwan’s National Security Council and National Communications and Cyber Security Center (NCCSC) under the National Communications Commission (Jing 2019). Through the “Iron Triad,” Tsai facilitated the effective delegation of cybersecurity advising under NICSO, cyber policy implementation under DCS, and critical infrastructure protection under NCCSC. As such, the Executive Yuan could more effectively oversee and mandate cybersecurity measures within government agencies, affiliated industry partners, and critical infrastructure operators (Legislative Yuan 2018). Each cyber task force could play to its parent agency’s comparative advantages, solidifying a constructive cyber defense framework. In the military realm, Tsai created the fourth branch of Taiwan’s armed forces in July 2017, the Information, Communication, and Electronic Force (ICEF) Command. As the first of its kind in the world, Tsai tasked ICEF with coordinating innovative OCO identification, tracking, and response within Taiwan’s military, government, and commercial industries (MND 2017). Furthermore, Tsai began encouraging interagency collaborations (Jing 2019) between Taiwan’s Ministry of National Defense, Ministry of Education, Ministry of Economic Affairs, and Ministry of Science and Technology (now the National Science and Technology Council) (Legislative Yuan 2023) to develop cybersecurity education programs via industry-academic partnerships, competitions, and internships (羅正漢 2018). To counter digital disinformation, Tsai created anti-disinformation task forces within the Ministry of Justice Investigation Bureau (MJIB), Ministry of National Defense (MND), and NSB, and amended laws to combat intentional fake news propagation (Dickey 2019). She also encouraged public-private partnerships with social media apps like Line (Lange and Lee 2020) and civil society groups like Doublethink Lab to expose PRC disinformation campaigns (Shen and Wu 2019). Furthermore, Tsai and the DPP pushed the Anti-Infiltration Act through the Legislative Yuan two weeks before the 2020 presidential election, criminalizing political funding and support from “hostile external forces” (Legislative Yuan 2020). However, the bill sparked furious KMT dissent over free speech concerns and was weaponized by PRC rumor mills as a DPP power grab. In response, Taiwan’s Premier Su Tseng-cheng posted a meme clarifying the law’s purpose and parameters, borrowing from Digital Minister Audrey Tang’s “humor over rumor” playbook (Quirk 2021). Besides the KMT, however, reporters have also raised legitimate concerns over potential online censorship enabled by the law (Aspinwall 2020). Thus, in the Anti-Infiltration Act’s legal implementation, Tsai must tread carefully to preserve Taiwan’s democracy by ensuring legitimate free speech and privacy are protected. Portraying Taiwanese individuals and political parties as Chinese trolls may inadvertently play into the PRC’s narratives regarding democracy’s shortcomings and create a highly censored environment in Taiwan.

PRC OCOs followed Tsai into office, starting right after she won Taiwan’s 2016 presidential election. Less than a week after Tsai’s victory, the PRC began its relentless disinformation barrage. Bypassing the Great Firewall, PRC netizens spammed Tsai’s Facebook page with over 35,000 comments indicating Taiwan is part of China (Huang 2016). The following year, Taiwan’s NSB attributed disinformation efforts regarding Tsai’s pension reforms on Line—Taiwan’s most popular chat app—to PRC content farms (Liberty Times 2017). PRC actors claimed that Tsai would freeze pension payments for citizens traveling overseas, which Tsai’s Pension Reform Committee later had to refute (Presidential Office 2017). In 2018, the PRC spread disinformation on PTT—a popular Taiwanese online bulletin board—about stranded Taiwanese travelers being rescued by the PRC’s consulate in Osaka, which caused Taiwan’s top diplomat in Osaka to commit suicide (Horton 2018). Soon after, PRC hackers altered the DPP’s website before the 2018 midterm elections to display simplified Chinese characters insinuating that Tsai would invite the US military to Taiwan if the DPP won (Liberty Times 2018). Even more insidiously, PRC-affiliated entities, potentially the PLA’s Strategic Support Force (SSF) and United Front Work Department (Quirk 2021), helped promote Han Kuo-yu’s Kaohsiung mayoral campaign and catapult him to victory (Huang 2019). Whether patriotic PRC netizens, paid “wumao” trolls, or PLA SSF soldiers, the founders of Han’s largest unofficial Facebook fan page had simplified Chinese names and fake identities, and likely paid for social media advertisements to increase Han’s fan page following. At the same time, a DPP legislator’s Facebook page was flooded with over a million hate comments after he criticized Han, and Han’s DPP opponent in Kaohsiung was bombarded with hundreds of hate comments whenever he tried live-streaming on Facebook (翁子竣 2018). Aside from disinformation, four PRC-linked hacker groups attacked at least ten Taiwanese government agencies and four Taiwanese information services companies with government customers from 2018 to 2020. Unfortunately, Taiwan’s MJIB revealed that the hackers accessed the emails of around 6,000 officials, obtaining personal citizens’ data (Behr 2020). Incidents like these highlight the PRC’s 2015 shift from focusing exclusively on government targets to both public and private ones (Pan and Willis 2023), likely to undermine Tsai’s cybersecurity credibility and private sector support.

While Tsai made substantial steps to improve Taiwan’s cybersecurity by increasing the allocated budget, upgrading executive and legislative cyber infrastructure, encouraging interagency collaboration, and establishing public-private anti-disinformation partnerships, her first term cyber record has been mixed. Tsai failed to do enough to combat PRC OCOs as they continued to evolve, leading to severe PRC APTs slipping through Taiwan’s cyber defense. However, although the PRC seemed to have successfully used Han’s 2018 Kaohsiung mayoral election as a testing group for their election interference techniques, it seems like Taiwanese voters were savvier during the 2020 election after they were provided more education on recognizing disinformation and its consequences. Furthermore, Taiwanese so-called “memetic warfare” techniques seem to have been quite effective in neutering PRC disinformation and increasing truth propagation (Blanchette et al. 2021). Overall, although the frequency of PRC OCOs declined from the beginning to the end of Tsai’s first term, their success rates have increased as the OCOs have become more difficult to detect (Yu 2018).

Tsai Ing-wen’s Second Term

As Tsai transitioned from her first to second term, the PRC hit Taiwan with 1.4 billion cyberattacks against Taiwan from September 2019 to August 2020 (Lin and Hetherington 2022). During the 2020 presidential election season, a likely Beijing-backed content farm in Malaysia emerged to promote pro-CCP narratives, alleging the CIA manipulated Taiwan’s election. Soon after Tsai won the 2020 election, the content farm pivoted to discrediting her administration, not only alleging that Tsai faked her LSE PhD, but also inflating Taiwan’s COVID-19 case statistics to insinuate Tsai mishandled Taiwan’s pandemic response (Monaco, Smith, and Studdart 2020). While cyber incursions remained a threat by the beginning of Tsai’s second term, Taiwan seemed to have dulled the effects of PRC disinformation campaigns alone. Thus, the PRC began ever more aggressive information operations featuring sophisticated technical and psychological OCOs in combination with diplomatic, military, and economic pressure, exerting pressure across the entire DIME framework (JCS 2018).

Tsai’s “Phase 6 National Cyber Security Program (2021-2024)” cites three main objectives to build Taiwan into a safe and resilient smart country. First, the Program seeks to make Taiwan the leading Asia-Pacific cybersecurity research and training hub by attracting global talent, increasing cybersecurity research, and training domestic talent. Second, the Program aims to construct a proactive cyber defense infrastructure in collaboration with international partners to detect and mitigate threats early. Third, the Program calls for more public-private cybersecurity partnerships, sharing awareness, best practices, and capabilities among both sectors (NICST 2021). Remarkably in lockstep with the plan, Taiwan’s cybersecurity sector far outpaced the corresponding 2.8% global growth average, expanding by 11.9% between 2020-2021 (Yang 2022). Nonetheless, Tsai’s most transformative change by far was consolidating Taiwan’s digital communications, cybersecurity, information, internet, and media under the Ministry of Digital Affairs (MODA), of which the DCS became a subsidiary entitled the Administration for Cyber Security (ACS) (MODA, n.d.). However, considering that the MODA was charged with the Executive Yuan’s entire digital portfolio, including governance, infrastructure, and economic and national transformation, its jurisdiction and mandate became extremely broad. Financial and human resources initially dedicated to the DCS may be reshuffled to favor MODA mission components other than the ACS, and inefficiency, conflict, duplication, groupthink, and waste can become commonplace. Inherently, cybersecurity requires agility (NIST, n.d.), and consolidating all digital functions under MODA may add unnecessary bureaucratic bloat atop all levels of the cybersecurity risk management cycle: identification, assessment, mitigation, and monitoring (US Department of Energy 2012). At its heart, MODA’s mandate is to model good digital governance, but it is unclear whether it even has the authority to create and implement digital governance regulations, not to mention how it plans to do so while preventing the privacy and human rights violations that plagued Taiwan’s authoritarian past (Robbins and Tang 2022).

Tsai’s second term featured significant PRC OCOs targeting Taiwan’s public and private sectors. In 2021, PRC-affiliated cyber groups began infiltrating Taiwanese financial institutions with APTs, exfiltrating data from corporate systems (Symantec 2022) and making unauthorized transactions on the Hong Kong stock market (CFR 2017). That same year, PRC hackers infiltrated civil society groups in Taiwan, focusing on academic and governmental networks (CFR 2021). When US House Speaker Nancy Pelosi visited Taiwan in August 2022, however, the PRC began unprecedented technical and psychological cyber assaults on Taiwan in coordination with the entire DIME framework. On the cyber technical side, PLA and MSS-affiliated hackers carried out distributed denial-of-service (DDoS) attacks on four Taiwanese government websites, flooding them with traffic to make them inoperable. These attacks aimed to demonstrate the Taiwanese government’s inability to prevent disruption of its services, thereby shattering the public illusion of security (Collier 2022). Specifically, the attacks targeted the official websites of Taiwan’s Presidential Office, the Ministry of National Defense, the Ministry of Foreign Affairs, and Taiwan Taoyuan International Airport (Taiwan’s largest airport) (Paganini 2022). These attacks aim to compromise the confidentiality, integrity, and availability of sensitive data and systems while disrupting Taiwan’s economy and critical infrastructure. Simultaneously, the PRC’s cyber psychological operations in Taiwan intended to humiliate Taiwan’s government and induce fear in the broader public. After Pelosi’s visit, PLA SSF-affiliated actors defaced National Taiwan University’s website to display, “There is only one China in the world” (Huang 2022), and hacked the monitors of over 6,000 7/11 stores and multiple train stations to display vitriolic anti-Pelosi and anti-US messages (Xiao and Boscaini 2022). In response to the DDoS attacks, Taiwan’s MODA announced it would begin integrating decentralized Web3 technology into its own website to guard against future attacks (Haldane and Shen 2022). However, the MODA has not announced any plans to implement the same standard government-wide, perhaps due to bureaucratic constraints. Aside from technical protections, Taiwan’s Ministry of Education began incorporating media literacy into its teaching guidelines, requiring all schoolchildren aged 6 to 18 to learn methods to identify disinformation (Sass 2022). Following Tsai’s DCS reorganization under MODA, PRC cyberattacks have been able to target all aspects of society, including but not limited to government, critical infrastructure, healthcare, manufacturing, technology, and media (CFR 2023). By early 2023, Taiwan began facing an incredible 15,000 cyberattacks per second (Wu and Kao 2023), indicating that malicious actors may be taking advantage of the DCS’ bureaucratic transition into a sub-administration of MODA.

Although Taiwan’s cybersecurity industry may be growing exponentially in the face of growing cyber threats from the PRC, Taiwan needs to manage and deploy domestic public and private cyber talent more effectively. So far, the MODA realignment appears to cause more bureaucratic headaches than meaningful progress. If the MODA’s bureaucratic inertia continues, it may be best to revert back to the dedicated DCS and pre-existing “Iron Triad” framework that Tsai established in her first term, which would also reduce ethical concerns over digital information centralization. Given that Taiwan is still in dire need of cyber talent, Tsai should also focus on reforming Taiwan’s reserve ecosystem and allow cyber experts to hone their information security skills in the government. If the reserve forces are successfully reformed, elite private sector cyber talent may be more inclined to apply their skills in public service. As for research, however, Tsai seems to have successfully cultivated a public-private cybersecurity hub in southern Taiwan centered around the Cybersecurity & Smart Technology R&D Building (Ministry of Economic Affairs 2023), supplemented with university branch offices researching information security (Chung 2023). Nonetheless, major cyber R&D successes from the hub are yet to be realized (National Science and Technology Council, n.d.). Tsai also vowed to deepen global cyber partnerships (Kyodo News 2023), and seems to be making some progress in 2023 via high-level international Taiwan trips and legislation such as the US Department of Commerce Cybersecurity Business Development Mission visit (International Trade Administration 2023) and US Congress’ Taiwan Cybersecurity Resiliency Act respectively (Rosen 2023). Furthermore, on global cyber talent recruitment, Tsai has successfully attracted significant multinational cybersecurity companies like Cisco to create talent cultivation centers in Taiwan (Ministry of Foreign Affairs 2021). Yet, increased PRC pressure on Taiwan’s legal status has made multilateral cyber engagement and recruitment through bodies like Interpol and the International Multilateral Partnership Against Cyber Threats (Interpol 2012) challenging, forcing Taiwan to pursue more time-consuming unofficial bilateral cyber relationships instead.

Conclusion

While she fortified Taiwan’s cyber defenses much more than her predecessors, Tsai needs to continue improving Taiwan’s cyber policies and implementation to live up to her lofty promise that “cybersecurity is national security.” In her first term, Tsai dramatically doubled Taiwan’s cyber budget, created new civilian and military cyber agencies, encouraged public-private partnerships, and passed Taiwan’s first cybersecurity legislation. However, PRC technical and psychological OCOs continued successfully targeting Taiwan’s government, critical infrastructure, industry, and elections. Throughout Tsai’s second term, she set even loftier goals to make Taiwan an Asia-Pacific cyber hub, innovate more proactive cyber defenses, and dramatically expand public-private collaboration. Tsai also consolidated Taiwan’s digital affairs under the MODA, giving it a triple mandate of economic development, cybersecurity, and digital governance. Nonetheless, PRC OCOs continued targeting all aspects of Taiwanese society at an unprecedented scale, and the centralized MODA faced significant ethical and regulatory dilemmas, indicating that some of Tsai’s second-term goals may have been too ambitious. Overall, Tsai constructed meaningful cyber frameworks throughout her first and second terms in office, but to optimally deploy Taiwan’s cyber talent pool, she must limit inefficiencies and red tape within her cyber policies.

Given how Taiwan is the world’s top target of cyberattacks (Wu and Chao 2023), much of it from the PRC, Tsai has had to create many experimental and unprecedented cyber policies throughout both her terms. Especially for Taiwanese partners like Japan, which has only recently started to bolster its cyber defenses (Yamaguchi 2022) while hovering at less than half of Taiwan’s cyber defense budget previously (Pryor and Le 2018), Taiwan’s frontline experience combating PRC OCOs will be invaluable. Even for the US, which has more than ten times Taiwan’s cybersecurity funding (White House 2022), Taiwan is an essential cyber partner, given that PRC OCOs are frequently tested in Taiwan first before targeting the US (White 2018). Moreover, Taiwan itself must properly mitigate PRC OCOs to successfully thwart potential cross-strait contingencies, which would likely begin with cyber salvos disrupting critical communications infrastructure (Sabin 2023). Tsai has prioritized cybersecurity amidst acute and growing PRC cyber threats, but work remains to fully address gaps, mitigate emerging threats, and balance ethical free speech and privacy concerns. If Tsai can optimally identify top talent, technology, and partnerships while mitigating disinformation and maintaining ethical principles, Taiwan and its allies will effectively counter most, if not all, PRC OCOs.

References

Featured/Headline Image Caption and Citation: Taiwanese officials are being targeted by PRC offensive cyber operations | Image generated with the assistance of DALL·E 3

羅正漢. 2018. “國家資安人才培訓新戰略,行政院資安學院本周開跑.” iThome. https://www.ithome.com.tw/news/126584.

翁子竣. 2018. “邱議瑩臉書遭百萬網友灌爆 綠委:留言是「機器人」按出來的.” 風傳媒. https://www.storm.mg/article/598922?srcid=7777772e73746f726d2e6d675f6e756c6c_1558589035.

Aspinwall, Nick. 2020. “Taiwan’s War on Fake News Is Hitting the Wrong Targets.” Foreign Policy. https://foreignpolicy.com/2020/01/10/taiwan-election-tsai-disinformation-china-war-fake-news-hitting-wrong-targets/.

Behr, Michael. 2020. “Taiwan Subject to String of Chinese Cyberattacks Since 2018.” Digit News. https://www.digit.fyi/taiwan-subject-to-string-of-chinese-cyberattacks-since-2018/.

Blanchette, Jude, Scott Livingston, Bonnie S. Glaser, and Scott Kennedy. 2021. “Protecting Democracy in an Age of Disinformation.” Center for Strategic and International Studies, (January). https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/210127_Blanchette_Age_Disinformation.pdf.

Brandt, Jessica, Maiko Ichihara, Nuurrianti Jalli, Puma Shen, and Aim Sinpeng. 2022. “Impact of disinformation on democracy in Asia.” Brookings Institution. https://www.brookings.edu/wp-content/uploads/2022/12/FP_20221216_democracy_asia_disinformation.pdf.

Checkel, Jeffrey T. 1998. “The Constructivist Turn in International Relations Theory.” World Politics 50, no. 2 (January): 324–348. 10.1017/S0043887100008133.

Chung, Li-hua. 2023. “Cybersecurity research plans released.” Taipei Times. https://www.taipeitimes.com/News/front/archives/2023/05/08/2003799357.

Collier, Kevin. 2022. “Taiwanese websites hit with DDoS attacks as Pelosi begins visit.” NBC News. https://www.nbcnews.com/tech/security/taiwanese-websites-hit-ddos-attacks-pelosi-begins-visit-rcna41144.

Council on Foreign Relations. 2017. “When China’s White-Hat Hackers Go Patriotic.” https://www.cfr.org/blog/when-chinas-white-hat-hackers-go-patriotic.

Council on Foreign Relations. 2021. “Targeting of civil society groups in Nepal, the Philippines, Taiwan, and Hong Kong.” https://www.cfr.org/cyber-operations/targeting-civil-society-groups-nepal-philippines-taiwan-and-hong-kong.

Council on Foreign Relations. 2022. “Targeting of Taiwanese financial institutions.” https://www.cfr.org/cyber-operations/targeting-taiwanese-financial-institutions.

Council on Foreign Relations. 2023. “Targeting of a Taiwanese media organization.” https://www.cfr.org/cyber-operations/targeting-taiwanese-media-organization.

Council on Foreign Relations. 2023. “Targeting East Asian and Southeast Asian health-care, manufacturing, technology, and government organizations.” https://www.cfr.org/cyber-operations/targeting-east-asian-and-southeast-asian-health-care-manufacturing-technology-and.

Council on Foreign Relations. 2023. “Targeting of Taiwanese government and critical infrastructure operators.” https://www.cfr.org/cyber-operations/targeting-taiwanese-government-and-critical-infrastructure-operators.

Cybersecurity and Infrastructure Security Agency. n.d. “China Cyber Threat Overview and Advisories.” Accessed August 17, 2023. https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/china.

Dickey, Lauren. 2019. “Confronting the Challenge of Online Disinformation in Taiwan.” Stimson Center. https://www.stimson.org/wp-content/files/file-attachments/StimsonTaiwanSecurityBrief2019.pdf.

Executive Yuan. 2018. “Action Plan for Cybersecurity Industry Development (2018-2025).”

Farmer, Brit M. 2022. “China’s cyber assault on Taiwan – 60 Minutes.” CBS News. https://www.cbsnews.com/news/china-cyber-assault-taiwan-60-minutes-2022-10-09/.

民視英語新聞 Formosa TV English News. 2022. “Cybersecurity is national security: President Tsai.” YouTube. https://www.youtube.com/watch?v=lJyMkjirhOs.

Glaser, Bonnie S., Scott Kennedy, Derek Mitchell, and Matthew P. Funaiole. 2018. “‘Taiwan and Tourism’ The New Southbound Policy: Deepening Taiwan’s Regional Integration.” Center for Strategic and International Studies. http://www.jstor.org/stable/resrep22471.12.

Gold, Michael. 2013. “Taiwan a ‘testing ground’ for Chinese cyber army.” Reuters. https://www.reuters.com/article/taiwan-cyber/taiwan-a-testing-ground-for-chinese-cyber-army-idINDEE96H0KX20130718.

Greenberg, Andy. 2020. “Chinese Hackers Have Pillaged Taiwan’s Semiconductor Industry.” WIRED. https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/.

Haldane, Matt, and Xinmei Shen. 2022. “Taiwan’s Digital Affairs ministry turns to Web3 to guard against mainland China cyberattacks following Pelosi’s visit.” South China Morning Post. https://www.scmp.com/tech/tech-trends/article/3188434/taiwans-digital-affairs-ministry-turns-web3-guard-against-mainland.

Horton, Chris. 2018. “Specter of Meddling by Beijing Looms Over Taiwan’s Elections.” The New York Times. https://www.nytimes.com/2018/11/22/world/asia/taiwan-elections-meddling.html.

Huang, Marco. 2016. “Chinese Netizens Flood Tsai Ing-Wen’s Facebook Page With Anti-Taiwan Independence Posts.” The Wall Street Journal. https://www.wsj.com/articles/BL-CJB-28552.

Huang, Paul. 2019. “Chinese Cyber-Operatives Boosted Taiwan’s Insurgent Candidate.” Foreign Policy. https://foreignpolicy.com/2019/06/26/chinese-cyber-operatives-boosted-taiwans-insurgent-candidate/.

Huang, Tzu-ti. 2022. “National Taiwan University hacked as Chinese warn more to come.” Taiwan News. https://www.taiwannews.com.tw/en/news/4619255.

International Trade Administration. 2022. “Taiwan – Market Overview.” https://www.trade.gov/country-commercial-guides/taiwan-market-overview.

International Trade Administration. 2023. “Announcement of Approved International Trade Administration Trade Mission.” Federal Register. https://www.federalregister.gov/documents/2023/06/15/2023-12833/announcement-of-approved-international-trade-administration-trade-mission.

Interpol. 2012. “Cooperation Agreement between the International Criminal Police Organization-INTERPOL and the International Multilateral Partnership Against Cyber Threats-IMPACT.” https://www.interpol.int/content/download/11270/file/international%20multilateral%20partnership%20against%20cyber%20threats%20IMPACT.pdf.

Jing, Bo-jiun. 2019. “Cybersecurity as a Sine Qua Non of Digital Economy: Turning Taiwan into a Reliable Digital Nation?” Stimson Center. https://www.stimson.org/wp-content/files/file-attachments/StimsonTaiwanSecurityBrief2019.pdf.

Joint Chiefs of Staff. 2018. “Joint Doctrine Note 1-18 Strategy.” https://www.jcs.mil/Portals/36/Documents/Doctrine/jdn_jg/jdn1_18.pdf.

Kan, Michael. 2013. “Taiwan security official warns of crippling Chinese cyberattacks.” Computerworld. https://www.computerworld.com/article/2713847/taiwan-security-official-warns-of-crippling-chinese-cyberattacks.html.

Keohane, Robert O., and Joseph S. Nye. 1977. Power and Interdependence. Boston: Little, Brown and Company.

Kyodo News. 2023. “Taiwan vows to deepen global partnership against cyber threats.” Kyodo News. https://english.kyodonews.net/news/2023/05/88d3b6c9a155-taiwan-vows-to-deepen-global-partnership-against-cyber-threats.html.

Lange, Elizabeth, and Doowan Lee. 2020. “How One Social Media App Is Beating Disinformation.” Foreign Policy. https://foreignpolicy.com/2020/11/23/line-taiwan-disinformation-social-media-public-private-united-states/.

Laris, Michael. 1999. “Chinese Web Warriors.” The Washington Post. https://www.washingtonpost.com/archive/politics/1999/09/11/chinese-web-warriors/bf004cfe-1e46-4013-a3f7-3b4dacf805e6/.

Lee, Roderick, and Marcus Clay. 2022. “Don’t Call It a Gray Zone: China’s Use-of-Force Spectrum.” War on the Rocks. https://warontherocks.com/2022/05/dont-call-it-a-gray-zone-chinas-use-of-force-spectrum/.

Legislative Yuan. 2018. “Cyber Security Management Act.” Laws and Regulations Database of The Republic of China (Taiwan). https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=A0030297.

Legislative Yuan. 2020. “Anti-Infiltration Act.” Laws and Regulations Database of The Republic of China (Taiwan). https://law.moj.gov.tw/LawClass/LawAll.aspx?pcode=A0030317.

Legislative Yuan. 2023. “Organizational Act of the Executive Yuan.” Laws & Regulations Database of The Republic of China (Taiwan). https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=A0010032.

Liberty Times. 2017. “國安單位:反年改陳抗 有中國勢力介入.” 自由時報. https://news.ltn.com.tw/news/focus/paper/1119633.

Liberty Times. 2018. “政院攬才 打造世界級資安研訓機構.” 自由時報. https://news.ltn.com.tw/news/politics/paper/1189990.

Liberty Times. 2018. “民進黨官網遇駭 疑中國網軍攻擊.” 自由時報. https://news.ltn.com.tw/news/focus/paper/1213888.

Lin, Tsuei-yi, and William Hetherington. 2022. “China intensifying cyberattacks against Taiwan: report.” Taipei Times. https://www.taipeitimes.com/News/front/archives/2022/11/29/2003789784.

Lo, Tien-pin, and Jonathan Chin. 2018. “Hackers deface DPP Web site, say KMT is next.” Taipei Times. https://www.taipeitimes.com/News/taiwan/archives/2018/07/04/2003696051.

Maizland, Lindsay. 2023. “Why China-Taiwan Relations Are So Tense.” Council on Foreign Relations. https://www.cfr.org/backgrounder/china-taiwan-relations-tension-us-policy-biden.

Ministry of Digital Affairs. n.d. “Structure and Functions.” Accessed August 17, 2023. https://moda.gov.tw/en/aboutus/functions/622.

Ministry of Economic Affairs. 2023. “Tainan’s Shalun Science City a cybersecurity hub.” Taipei Times. https://www.taipeitimes.com/News/taiwan/archives/2023/06/21/2003801936.

Ministry of Foreign Affairs. 2021. “Cisco launches cybersecurity talent center in Taiwan.” Taiwan Today. https://taiwantoday.tw/news.php?unit=6&post=196269.

Ministry of National Defense. 2017. “2017 Quadrennial Defense Review.” https://www.mnd.gov.tw/NewUpload/%e6%ad%b7%e5%b9%b4%e5%9c%8b%e9%98%b2%e5%a0%b1%e5%91%8a%e7%b8%bd%e6%aa%a2%e8%a8%8e(QDR)/%e6%ad%b7%e5%b9%b4%e5%9c%8b%e9%98%b2%e5%a0%b1%e5%91%8a%e7%b8%bd%e6%aa%a2%e8%a8%8e(QDR).files/%e6%ad%b7%e5%b9%b4%e5%9c%8b%e9%98%b2%e5%a0%.

Mishkin, Sarah, and David Pilling. 2013. “Taiwan president warns on China spying.” Financial Times. https://www.ft.com/content/3423e56e-99c2-11e2-83ca-00144feabdc0.

Monaco, Nick, Melanie Smith, and Amy Studdart. 2020. “Detecting Digital Fingerprints: Tracing Chinese Disinformation in Taiwan.” International Republican Institute, (August). https://www.iri.org/resources/detecting-digital-fingerprints-tracing-chinese-disinformation-in-taiwan/.

National Information and Communication Security Taskforce. 2017. “National Cyber Security Program of Taiwan (2017 to 2020).” https://www.twncert.org.tw/Download/National%20Cyber%20Security%20Program%20of%20Taiwan%20(2017-2020).pdf.

National Information and Communication Security Taskforce. 2021. “National Cyber Security Program of Taiwan (2021 to 2024).” https://www.twncert.org.tw/Download/National%20Cyber%20Security%20Program%20of%20Taiwan%20(2021-2024).pdf.

National Institute of Cyber Security. 2023. “Introduction of National Information Sharing and Analysis Center (N-ISAC).” https://www.nics.nat.gov.tw/NISAC-1.htm?lang=en.

National Institute of Standards and Technology. n.d. “agility – Glossary | Computer Security Resource Center.” Accessed August 17, 2023. https://csrc.nist.gov/glossary/term/agility.

National Science and Technology Council. n.d. “About Us | Cybersecurity & Smart Technology R&D Building.” Accessed August 17, 2023. https://stb.stpi.narl.org.tw/page/introduction.

Office of the Director of National Intelligence. 2023. “Annual Threat Assessment of the U.S. Intelligence Community.” https://www.dni.gov/files/ODNI/documents/assessments/ATA-2023-Unclassified-Report.pdf.

Overseas Community Affairs Council. 2023. “Ex-U.S. official urges public-private collaboration on cybersecurity.” https://www.ocac.gov.tw/OCAC/Eng/Pages/Detail.aspx?nodeid=329&pid=53165360.

Paganini, Pierluigi. 2022. “Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit.” Security Affairs. https://www.securityaffairs.co/133997/breaking-news/taiwan-hit-cyberattacks.html.

Pan, Lulia L., and Matthew Willis. 2023. “The CCP Cyber Threat to Taiwan.” Global Disinformation Lab. https://gdil.org/the-ccp-cyber-threat-to-taiwan/.

Presidential Office. 2017. “【澄清稿】有關「政府以退休金為質威脅人民出國就要申報」錯誤資訊之澄清.” https://pension.president.gov.tw/News_Content.aspx?n=24EEE60D085C3437&s=03BEA1A211D5A972.

Pryor, Crystal, and Tom Le. 2018. “Looking Beyond 1 Percent: Japan’s Security Expenditures.” The Diplomat. https://thediplomat.com/2018/04/looking-beyond-1-percent-japans-security-expenditures/.

Quirk, Sean P. 2021. “Lawfare in the Disinformation Age: Chinese Interference in Taiwan’s 2020 Elections.” Harvard International Law Journal 62, no. 2 (May). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3939849.

Robbins, Sam, and Chia-Shuo Tang. 2022. “Hopes and Concerns for Taiwan’s New Ministry of Digital Affairs.” The Diplomat. https://thediplomat.com/2022/08/hopes-and-concerns-for-taiwans-new-ministry-of-digital-affairs/.

Rosen, Jacky. 2023. “Rosen, Rounds, Gallagher, Houlahan Introduce Bipartisan, Bicameral Legislation to Counter Chinese Cyber Aggression against Taiwan.” https://www.rosen.senate.gov/2023/04/20/rosen-rounds-gallagher-houlahan-introduce-bipartisan-bicameral-legislation-to-counter-chinese-cyber-aggression-against-taiwan/.

Sabin, Sam. 2023. “Researchers offer hints of cyber’s role in possible Taiwan invasion.” Axios. https://www.axios.com/2023/05/26/microsoft-taiwan-china-cybersecurity-volt-typhoon.

Sanger, David E., David Barboza, and Nicole Perlroth. 2013. “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.” The New York Times. https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html.

Sass, Maren. 2022. “How Taiwan is countering Chinese disinformation.” Deutsche Welle. https://www.dw.com/en/how-taiwan-is-countering-chinese-disinformation/a-62931086.

Shen, Puma, and Min Hsuan Wu. 2019. “Doublethink Lab.” https://doublethinklab.org/.

Symantec. 2022. “Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan.” Symantec Threat Intelligence. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks.

Takagi, Koichiro. 2022. “The Future of China’s Cognitive Warfare: Lessons from the War in Ukraine.” War on the Rocks. https://warontherocks.com/2022/07/the-future-of-chinas-cognitive-warfare-lessons-from-the-war-in-ukraine/.

Tiezzi, Shannon. 2014. “Taiwan Complains of ‘Severe’ Cyber Attacks From China.” The Diplomat. https://thediplomat.com/2014/08/taiwan-complains-of-severe-cyber-attacks-from-china/.

US Department of Energy. 2012. “Electricity Subsector Cybersecurity Risk Management Process.” https://www.energy.gov/ceser/articles/cybersecurity-risk-management-process-rmp-guideline-final-may-2012.

Wang, Joyu. 2022. “Taiwan Is Ground Zero for Disinformation—Here’s How It’s Fighting Back.” The Wall Street Journal. https://www.wsj.com/articles/taiwans-defenses-against-information-warfare-gain-attention-11661419802.

White, Edward. 2018. “Taiwan hit by jump in cyber attacks from China.” Financial Times. https://www.ft.com/content/8e5b26c0-75c5-11e8-a8c4-408cfba4327c.

The White House. 2022. “Information Technology and Cybersecurity Funding.” https://www.whitehouse.gov/wp-content/uploads/2022/03/ap_16_it_fy2023.pdf.

Wu, Jeffrey, and Yen-hsiang Chao. 2023. “Taiwan top target for cyberattacks in Q1 of 2023: Security firm.” Focus Taiwan. https://focustaiwan.tw/sci-tech/202305150013.

Wu, Jeffrey, and Evelyn Kao. 2023. “15000 cyberattacks detected per second in Taiwan: Software provider.” Focus Taiwan. https://focustaiwan.tw/sci-tech/202308160017.

Xiao, Bang, and Joshua Boscaini. 2022. “Taiwan billboards hacked with anti-Nancy Pelosi messages during historic visit.” ABC News. https://www.abc.net.au/news/2022-08-04/taiwan-billboards-hacked-with-anti-nancy-pelosi-messages/101300164.

Yamaguchi, Mari. 2022. “EXPLAINER: Why Japan is boosting its arms capability, budget.” AP News. https://apnews.com/article/russia-ukraine-technology-japan-national-security-94000c63dcdf71cf4b54847c8938a6cd.

Yang, Sean. 2022. “The Taiwanese cybersecurity market is growing at an unprecedented rate, outperforming the global average.” Business Sweden. https://www.business-sweden.com/insights/articles/the-taiwanese-cybersecurity-market-is-growing-at-an-unprecedented-rate-outperforming-the-global-average/.

Yu, Jess M. 2018. “Chinese cyber attacks on Taiwan government becoming harder to detect: source.” Reuters. https://www.reuters.com/article/us-taiwan-china-cybersecurity/chinese-cyber-attacks-on-taiwan-government-becoming-harder-to-detect-source-idUSKBN1JB17L.

Author

Chiu Ethan portrait

Ethan Chiu is a sophomore at Yale University studying Global Affairs and History. He currently serves as the 2023-2024 YRIS International Liaison. He has previously worked at the American Enterprise Institute, Department of Defense, and American Red Cross, and is currently a research assistant at the DOD Information Strategy Research Center and National Defense University.