Xi’s desires for the forcible unification of Taiwan with China appear to be growing. But Taiwan cannot and will not be taken by cyber means alone. Chinese doctrine does, however, call for the expansive use of cyber means in the preparation, execution, and aftermath of military actions against the island.
Xi Jinping, general secretary of the Chinese Communist Party (CCP) and the nation’s head of state, is clear about his intentions for Taiwan: “The task of complete reunification of China must be achieved, and it will definitely be achieved.” He continued, “Those who forget their heritage, betray their motherland and seek to split the country will come to no good.”1 Xi’s timeline for “reunification” is unclear; however, there is growing concern that Beijing will take military action against Taipei in the next decade—not only imperiling the democratic government of Taiwan and the lives of its citizens but also potentially sparking a direct military confrontation between China and the United States, the first such war between two nuclear-armed nations.
If an operation against Taiwan takes place, it is likely to be novel in not only its relevance to nuclear arms but also how prominently it will feature cyber operations. This raises several questions: How does China strategically understand cyber operations? Who in the Chinese military would have primary responsibility for these actions? What goals would Beijing have for its cyber operations in a Taiwan scenario? What are China’s cyber advantages and Taiwan’s cyber vulnerabilities? Finally, what can be done to mitigate this threat? This chapter attempts to briefly address each question.
This task is daunting but necessary. If Xi is determined to attack Taiwan, this threat cannot be wished away. It must be seriously acknowledged, studied, and planned for. It is only by doing this that we can hope to prevent this conflagration or at least emerge victorious from it. And in so doing, we benefit from Chinese wisdom that teaches, “Plan for what is difficult while it is easy, do what is great while it is small.”2
The forcible unification of Taiwan with China cannot be achieved exclusively via cyber means because, at some point, ground must be won and held, and that requires personnel and equipment. Chinese cyber capabilities will, however, play a crucial role in any scenario, because these capabilities are increasingly central to Chinese doctrine and strategy.
The People’s Liberation Army (PLA) views cyber means as an elemental feature of “informatized” wars, in which information is both “a domain in which war occurs” and “the central means to wage military conflict.”3 Accordingly, Chinese doctrine locates cyber within the larger operational concept of information operations (IO), which also includes electronic, space, and psychological warfare. Chinese strategists say these are the key capabilities that must be coordinated as strategic weapons to “paralyze the enemy’s operational system of systems” and “sabotage the enemy’s war command system of systems.”4 In other words: The PLA believes information is the key resource on the modern battlefield and that victory is achieved by ensuring one’s own access to this resource while denying it to the enemy. IO, then, is a broad operational concept centered on defending China’s ability to collect, use, and share information while shaping its opponent’s perceptions and ability to complete these same tasks. In the age of digitized data, cyber means are crucial to informatized war.
A review of PLA writings shows a strong preference for integrating cyber defense, offense, and reconnaissance into a single effort. White papers and other documents argue that cyber superiority must be seized early in a conflict and then used to deter or degrade an enemy’s ability to attack. This is essential, they argue, for managing escalation and deterrence and demonstrating capabilities and resolve. Importantly, these lines of effort must be continually pursued, even in peacetime, if they are to have maximum effect. In the context of Taiwan, then, it is only safe to assume—and certainly there are many indicators—that China is actively laying the groundwork for information and cyber operations in support of unification and that the cyber realm will play a dominant role. But who is responsible for these actions?
The PLA’s Strategic Support Force (SSF) was established in December 2015 as part of China’s extensive military reforms. It is a theater command–level, leader-grade independent military force under the command of the Central Military Commission. The overall force structure and staffing of the SSF remains opaque, but we do have a basic sense of its operational organization (Figure 1). The SSF consists of two mission divisions—a Space Systems Department (SSD) and a Network Systems Department (NSD). The SSD has three unique missions: space launch; space telemetry, tracking, and command; and space command, control, communications, computers, intelligence, surveillance, and reconnaissance. The NSD also has three missions: cyber operations, electronic warfare, and psychological operations. Both the SSD and NSD share responsibility for counterspace and strategic intelligence missions.
Before this reform, the PLA had a discipline-centric structure in which individual cyber, electronic, space, and psychological warfare units were organized by mission (i.e., defensive, offensive, or reconnaissance). Under this old structure, defensive cyber was handled by the former Informatization Department, offensive cyber was conducted by the Fourth Department (known as 4PLA), and the Third Department (known as 3PLA) managed cyber espionage. The other warfare disciplines were similarly fractured.
As the PLA embraced new doctrines for modern warfare, it realized it must also modernize its force structure to effectively prosecute these wars. To this end, the SSF not only unifies these formally disparate elements but also is built around an imperative of “peacetime-wartime integration.” Researchers Elsa B. Kania and John K. Costello elaborate on the importance of this evolution:
The SSF has seemingly streamlined this process through organizing these units into operational groups as standard practice, optimized as a wartime structure. This concept of peacetime-wartime integration is particularly critical for the SSF’s Network Systems Department and cyber mission. At a basic level, cyber operations require a persistent cycle of cyber reconnaissance, capabilities development, and deployment to ensure cyber effects can be leveraged in a conflict. Given the functional integration of these peacetime and wartime activities—and the close relationship between reconnaissance and attack—in cyber operations, the integration of China’s military cyber offense and espionage capabilities has become a functional necessity. This force structure is consistent with the PLA’s recognition of the reality of blurred boundaries between peace and warfare in these domains, which is reflected in its notion of “military struggle” . . . in cyberspace, as confrontation occurring across a spectrum, of which the highest form is warfare.5
Note: C4ISR is composed of two abbreviations: command, control, communications, computers (C4) and intelligence, surveillance, and reconnaissance (ISR).
To summarize, China believes effective cyber warfare does not begin with the onset of official hostilities; it is instead an unending activity that must seamlessly transition between peacetime and wartime. Understanding this, we can discern the key objectives of Chinese cyber operations against Taiwan.
As stated previously, Chinese planners believe it is essential to establish and maintain cyber superiority to enable the full spectrum of informatized warfare, deter opponents, and manage escalation. But this superiority, in the minds of PLA planners, is not something only sought in the early days of a conflict; it is an advantage that must be won and leveraged now. It is helpful, then, to think of PLA cyber objectives not as a list of tasks to be completed but as a collection of ceaseless activities only varying in intensity based on political requirements. The following form China’s core cyber activities in support of unification with Taiwan.
Intelligence, Surveillance, and Reconnaissance. Intelligence, surveillance, and reconnaissance (ISR) is an SSF core mission and underpins all other cyber activities. Chinese hackers are constantly gaining access to Taiwan’s information systems and networks to better understand China’s targets. Mapping the island’s critical infrastructure and political-military command-and-control networks are essential aims of these activities. Effective cyber ISR will synchronize and integrate assets, sensors, and processing, exploitation, and dissemination systems to develop a comprehensive understanding of Taiwan’s political, military, economic, and social variables.
For example, in 2021 it was discovered that China had hacked Taiwan’s popular Line messaging service to spy on high-level political officials, military personnel, and city leaders.6 This had the tangible effect of giving the CCP crucial insight into these communities and the intangible, but still important, effect of undermining these communities’ confidence in the security of their communications.
Operational Preparation of the Environment. The SSF is also tasked with operational preparation of the environment (OPE). OPE is formally a hallmark of American strategy and doctrine, but its defining features are also present in Chinese planning—particularly in the PLA’s “three warfares”: public opinion warfare, psychological warfare, and legal warfare. Cyber operations in support of Chinese OPE include pre-positioning tools and malicious code on vulnerable networks, the development of detailed intelligence and targets related to future military action, and operations intended to have specific effects on the attitudes and behaviors of Taiwan’s citizens and government. All these actions are intended to create an environment that is favorable to China’s objectives in peace and war.
For example, in 2019, SSF personnel manipulated Taiwanese social media in support of pro-Beijing Taiwanese politician Han Kuo-yu, fueling his surprise victory in the Kaohsiung mayoral race—historically, a stronghold of anti-CCP sentiment. Han later mounted a failed presidential bid with similar cyber support from China.7
Offensive Cyberattacks on Taiwan. China’s hackers are also tasked with offensive cyberattacks on Taiwan—actions intended to manipulate, disrupt, or destroy networks, infrastructure, and daily life. During peacetime, these operations assume the form of distributed denial of service, ransomware, and the distribution of other malware.
For example, in 2020, Beijing used the ColdLock ransomware virus to target more than 10 critical infrastructure targets in Taiwan, including the state-owned CPC Corporation, which supplies more than 25 percent of the island’s gas stations with petroleum, natural gas, and gasoline. This prevented gas stations across the country from accepting any form of electronic payment.8 The ColdLock operation also reportedly affected two undisclosed companies in Taiwan’s semiconductor industry.9
In wartime, these cyberattacks would be more aggressive. Chinese hackers would attempt to disrupt, degrade, or destroy everything from civilian telecommunications networks to military command-and-control systems. Air defense systems would go down, power grids would go dark, and essential government services would grind to a halt. These attacks would be precision strikes against key enemy targets aimed at sowing confusion, debilitating Taiwan’s defenses, and maximizing Chinese operational freedom of movement. But, as noted in this chapter’s introduction, military action against Taiwan would likely provoke a US response, so this challenge would also need to be engaged.
Deterring or Slowing the American Response. Deterring or slowing the American response in support of Taiwan is another key objective for the SSF. These operations would be extremely sensitive and highly influenced by the political context in which they occur. In many ways, Chinese informatized warfare doctrine is crafted specifically with the United States in view, and the SSF already has cyber plans for multiple scenarios. Whatever the scenario, the broad objective would be to undermine the United States’s confidence in its ability to decisively intervene on behalf of Taipei and its capacity to do so.
Importantly, the SSF’s NSD could be expected to work with its sister SSD to bring the full measure of space, cyber, electronic, and psychological warfare capabilities to this crucial task. This means the United States could face cyberattacks against naval ports to slow force deployments. Ransomware and other “signaling” attacks against critical industries and infrastructure would also be likely. As tensions rise, these operations could expand to anti-satellite and electronic warfare attacks intended to deteriorate American navigational, intelligence, reconnaissance, and targeting assets in the region. If things escalated further, we could expect large-scale cyberattacks intended to cripple the American economy, government, strategic nuclear missiles, and way of life. The Office of the Director of National Intelligence summarizes the threat as follows:
We assess that China presents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private sector networks. . . .
China almost certainly is capable of launching cyber attacks that would disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems. . . .
China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations. . . .
Counterspace operations will be integral to potential military campaigns by the PLA, and China has counterspace weapons capabilities intended to target U.S. and allied satellites.10
While a direct military confrontation between the United States and China could escalate to the use of nuclear missiles, it would likely begin with the deployment of offensive cyberattacks.
Protecting China from Cyberattacks. Finally, CCP hackers are also focused on protecting China from cyberattacks. These defense measures include protecting CCP and PLA networks from disruptive enemy cyber operations and hardening the nation’s critical infrastructure to withstand foreign infiltration. As Chinese society becomes ever more digitized, its digital “threat surface” expands and requires greater resources for its protection. And China certainly has its hands full.
The US Cyber Command (USCYBERCOM) employs a new concept of operations it calls “persistent engagement.” In its strategic vision announcing the concept, USCYBERCOM explained:
Superiority through persistence seizes and maintains the initiative in cyberspace by continuously engaging and contesting adversaries and causing them uncertainty wherever they maneuver. It describes how we operate—maneuvering seamlessly between defense and offense across the interconnected battlespace. It describes where we operate—globally, as close as possible to adversaries and their operations. It describes when we operate—continuously, shaping the battlespace. It describes why we operate—to create operational advantage for us while denying the same to our adversaries.11
Put simply: In addition to its other actions, sizable portions of China’s SSF are already consumed by cyber defense, and this operational toll will grow if Beijing takes coercive action against Taiwan. Having outlined these core cyber activities, we should now turn to a general assessment of the cyber situation.
Taiwan is catastrophically vulnerable to Chinese cyber aggression. The island’s critical infrastructure, government services, and key military capabilities already endure between 20 million and 40 million cyberattacks every month, with the vast majority of these coming from China. Chien Hung-wei, head of Taiwan’s Department of Cyber Security, says he can defend against most of these attacks but admits “serious” breaches regularly occur. “The operation of our government highly relies on the internet,” explains Chien. “Our critical infrastructure, such as gas, water and electricity are highly digitized, so we can easily fall victim if our network security is not robust enough.”12 This illustrates China’s chief cyber advantage—scale.
Concrete personnel and budgetary numbers concerning Beijing’s digital forces are not readily available in unclassified channels, but estimates range between 50,000 and 100,000 individuals, with hundreds of millions of dollars at their disposal. Whatever their actual workforce and funding, FBI Director Christopher Wray has stated that “here in the U.S., [Chinese hackers have] unleash[ed] a massive, sophisticated hacking program that is bigger than those of every other major nation combined.”13 (Emphasis added.) It can be assumed, then, that similar economies of scale will be employed against one of Xi’s most coveted aspirations— China’s unification with Taiwan.
In early 2001, Taipei established the National Center for Cyber Security Technology (NCCST), tasked to “establish the cyber security protection mechanism and provide technical services to government agencies, including prior-incident security protection, during-incident early warning and responses, and post-incident recoveries and forensics.”14 While the NCCST has made notable progress, it is nowhere near the maturity, size, or strength required for its mission. Relatedly, Taiwan is only on the cusp of building the intragovernmental, industry, and international partnerships necessary for effectively engaging and rolling back the deluge of hostile Chinese efforts online. The aforementioned information operation behind the election of the pro-Beijing Taiwanese politician Han further demonstrates the island is seriously susceptible to cyber-enabled political warfare.
None of these critiques are aimed at Taipei’s desires or political will. They are simply a recognition of a threat that even the United States, with its massive resources and capabilities, is utterly failing to mitigate. But hope is not lost, and meaningful improvements can be made in the near term that might dramatically shift the balance in favor of Taiwan.
First, the United States must continue to harden itself against Chinese cyberthreats to the American homeland and military forces. Taiwan has little to no chance of successfully deterring or preventing a Chinese military attack without American assistance. This assistance will be severely constrained if the United States does not make a systemic, comprehensive effort to close its own cybersecurity loopholes.
Looking beyond our borders, joint cyberwar exercises with Taiwan should be expanded in both frequency and scope. The first of these exercises was held in 2019, but it was hosted by the American Institute in Taiwan—which represents US interests on the island—not the US military. It is now time to synchronize our military cyber operations, because it would be precisely these capabilities that would count in a war with China. While Beijing would certainly protest these exercises, they would not constitute an act of war and likely would not substantively risk upsetting today’s delicate political equilibrium in the Taiwan Strait. Even if they did, this risk of rising tensions is still preferable to Taipei remaining unable to protect itself against the legions of Chinese military hackers arrayed against it.
Another effective but admittedly controversial action would be for Taiwan to grant US cyber forces direct access to their systems for joint “active threat–hunting” operations. These would involve US and Taiwanese operators working side by side, crawling through the island’s many networks to find and remove Chinese (and other) hostile actors. Certainly, Taipei could be forgiven for any hesitation about allowing such broad access to a foreign country, but China is already in these networks, and bringing US muscle to Taiwan’s cyber defenses could be the difference between crumbling under a Chinese offensive and maintaining robust defensive capabilities. Aside from bolstering commitments to Taiwan, American forces would also gain indispensable experience in navigating the cyber conflicts of the future, particularly one in which its primary geostrategic rival is the aggressor. The only alternative—trying to hunt down network vulnerabilities at the onset of conflict—would be far too little, too late.
Finally, because artificial intelligence (AI) will be a key enabler of future cyber capabilities, the United States should require all American AI research to be pulled out of China. Housing the AI research labs of America’s cutting-edge tech companies in authoritarian China was never a good idea. But given that the Chinese government uses foreign tech companies to help find and exploit security vulnerabilities and that it is claiming ever more control over tech companies’ operations and data, this looks more objectionable than ever. AI is an increasingly crucial element of cybersecurity and hacking, and Xi’s China has demonstrated repeatedly that China’s high-tech sector serves the CCP, which sees AI technology as a core tool of its future autocratic rule.
Nonetheless, according to Georgetown University’s Center for Security and Emerging Technology, 10 percent of the collective AI research labs of the leading US technology companies were housed in China in 2020.15 Microsoft’s Beijing-based Research Asia lab is the company’s largest outside the US and is credited as being “the single most important institution in the birth and growth of the Chinese AI ecosystem over the past two decades.”16 In 2018, this same lab openly coauthored, with China’s military-run National University of Defense Technology, research with clear applications to surveillance and censorship. Other companies have gone even further.
Since Cisco helped establish the “Great Firewall” in the early 1990s and Seagate built the first hard drive catered to surveillance for China’s Hikvision in 2005, American companies laid the foundation for many of the systems powering China’s technological authoritarianism.17 Their contributions to Xinjiang’s dystopia, such as the Intel chips likely being used to monitor forced labor and concentration camps and Thermo Fisher’s DNA sequencing kits used to surveil Uyghurs, represent the grotesque culmination of this history.18
Given that American companies remain the gatekeepers of most of the more valuable insights in advanced AI computing, their research efforts in China are disproportionately valuable to the tech-hungry dictatorship and risky to a world chronically hacked by the Chinese. Under the auspices of international scientific collaboration, these research outposts grow the CCP’s capacity to make its own high-tech tools— including for hacking—without having to resort to foreign companies to build out their capabilities.
The danger of China capitalizing on American AI research in its borders also has chilling military import, as our defense leaders know well. Even if the work of these research centers does not have direct application to areas of military concern, the dual-use nature of AI technologies makes secondary military application highly likely, in addition to growing China’s military-pliant AI ecosystem more generally. Success in developing its AI capabilities will further grow China’s leverage and aggression abroad—as if those were not already concerning enough.
Xi’s desires for the forcible unification of Taiwan with China appear to be growing. But Taiwan cannot and will not be taken by cyber means alone. Chinese doctrine does, however, call for the expansive use of cyber means in the preparation, execution, and aftermath of military actions against the island. These operations are already underway and will grow in sophistication and aggression as tensions in the Taiwan Strait escalate—including the possible targeting of the US homeland. Presently, Taipei is not prepared for these attacks, but meaningful improvements can be made by shoring up American cyber defenses, expanding cyber cooperation between the United States and Taiwan, and removing US AI research from China. Finally, China’s significant cyber capabilities and massive scale ensure that any defense of Taiwan will be difficult, and while no amount of preparation can ensure success, a failure to prepare in the manner discussed in this chapter will guarantee Taiwan’s defeat.