Critical Node: Taiwan’s Cyber Defense and Chinese Cyber-Espionage

Publication: China Brief Volume: 13 Issue: 24

Taiwanese intelligence chief Tsai Der-Sheng

Cyberspace is emerging as a contentious frontier in cross-Strait relations. Overt military tension in the Taiwan Strait has ostensibly given way to a cold war in the cyber-domain. A surge in China-sponsored cyber intrusions was highlighted recently by Taiwan’s intelligence chief, Tsai Der-sheng. In remarks made during a public hearing held in late March at the Legislative Yuan’s Foreign Affairs and Defense Committee, the head of the National Security Bureau (NSB) drew attention to the increasingly severe and complex nature of the cyber threat posed by China to the world, and particularly to Taiwan (ROC) (Taipei Times, March 21). Taiwan’s Ministry of Defense (MND) 12th National Defense report—which was released in early October—also reflected the growing cyber threat in its overall assessment of Chinese military capabilities directed against the island. The MND report stated that China plans to enhance its combat capabilities to a level sufficient to invade Taiwan by 2020 (Focus Taiwan, October 10; MND National Defense Report 2013, October 9, hereafter NDR 2013 in references).

While preparations by the People’s Liberation Army (PLA) for a military invasion of Taiwan would be detectable with early warning signals and other cues, a coordinated cyber attack could be instantaneous, hard to predict, and thus preemptively counter. Given modern economies, governments’ and militaries’ increasing reliance on information technology and networked computing for critical functions—including military operations—a successful, targeted, and coordinated cyber attacks could alter the strategic calculus, and possibly determine the tactical landscape before a kinetic military operation. After a decade long confrontation in cyberspace, the cyber-domain over the Taiwan Strait appears to be coming to a cross-road. Its import for national security appears to be a top priority for decision makers in Taipei. Indeed, Taiwan’s defense planners and stewards of the U.S.–Taiwan defense relationship—increasingly faced with a resource constrained environment—need more than ever to prioritize developments of asymmetric capabilities in the cyber-domain to deter China’s increasing coercive capabilities against Taiwan.

China’s Cyber Threat to Taiwan ‘Very Severe’

The NSB report, which was prepared in advance of a legislative hearing in April and reported on by the Taiwanese media, described China as being armed with a cyber army of more than 100,000 people. The report also outlined the counter-measures taken by other countries against increasing state-sponsored cyber attacks (Focus Taiwan, April 28). It added that the PRC has allocated more than $80 million to its cyber war workforce in 2013 (Focus Taiwan, April 28).

Taiwan has been the most intense target of China-sponsored cyber espionage (Radio Free Asia, March 1). Indeed, the island nation has endured at least a decade of highly-targeted data-theft attacks from China of the kind that are now clearly being directed towards larger countries (Reuters, July 18). For instance, at the 10th National Information & Communication Security Taskforce meeting in 2002, a Taiwanese government report on Chinese-cyber intrusions revealed that hackers from Wuhan, Hubei province, infiltrated computers covered by Chunghwa Telecom, and installed hacking programs that stole a large trove of data (a 2011 report by Project 2049 also found that Wuhan is the headquarter for the PLA Third Department Sixth Bureau). A total of 42 units of government websites were infected and 216 computers infiltrated in the coordinated attack. According to Cai Qingyan, who was then-Executive Yuan Minister without Portfolio, it was the first time Chinese hackers organized a major cyber intrusion on Taiwan’s cyber networks (China Gaze, October 11, 2002).

It followed the first documented “Taiwan-China Hacker War,” which took place in August 1999 when then-Taiwanese President Lee Teng-hui defined relations between Taiwan and China as state-to-state relations. Chinese hackers responded by sabotaging government, university and commercial sites. These attacks reportedly involved more than 160 infiltrations of Taiwan’s national computer networks. The hackers also attacked the American Institute in Taiwan’s website. Indeed, Taiwan’s cyber networks have been a primary target of Chinese hackers since, but as a result, these attacks have honed the island’s cyber defense capabilities and infrastructure.

At the legislative hearing in April, the NSB director described the Chinese cyber threat as “very severe.” In an uncharacteristically bleak response to a question by a legislator, the NSB director stated that “transportation and financial infrastructure would inevitably be put at risk if the CCP could successfully take destructive actions against Taiwan” (Taiwan National Policy Foundation, March 21). The director’s statements and the report seem to reflect NSB’s growing concerns over the vulnerabilities of the island’s critical infrastructure. The NSB revealed that the agency’s external websites were hit by hackers 3.34 million times in 2012 (China Post, May 8). The activities have grown in scope and volume. Additionally, while the traditional focus of Chinese cyber attacks has been on an adversary’s government networks, the report stated that they have shifted their focus to civilian think tanks, telecommunications service providers, Internet node facilities and traffic signal control systems (Focus Taiwan, April 28). This trend appears consistent with the modus operandi of some Chinese hacker group activities against U.S. targets.

Then-NSB deputy director Chang Kuan-yuan stated that 38 percent of cyber attacks were launched from “zombie computers” that had been infected by viruses or Trojan horses (Chang submitted his resignation on October 22) (The Diplomat, April 30). These controlled computers serve as nodes in a broader network, and are typically industrial computers not protected by firewalls or invasion detection systems. Once hackers have taken control of these computers, they can use the compromised computers as relay points for infiltrating more secure networks.

The magnitude of this intrusion is partly explained by Chinese hackers using Taiwan as a “springboard” for other attacks. According to a Taiwanese network security company engineer cited by the China Times, because of the shared language and culture between Taiwan and China, Chinese hackers tend to target Taiwan as ground zero for launching larger cyber offensives. The springboard tactic allows Chinese hackers to cover their digital footprints. When network security professionals attempt to undertake forensic analysis of digital evidence, a springboard may be the only identifier since it acts the primary internet protocol address for the attack (China News, October 7, 2010).

According to Chuang Ming-hsiung, section chief at the Criminal Investigation Bureau’s High-Technology Crime Prevention Center: “Before China releases a virus to the United States, it will test it on Taiwan. That’s why Taiwan has a faster response rate than the United States.” According to the MND National Defense Report 2013: The PRC Cyber Force continues to use remote infiltration and viruses (malware) to infect, steal information or monitor our [Taiwan’s] websites, affecting the normal operation of information systems. Once a conflict arises, these operations will enable them to cripple our command, control and logistics network, which will affect the normal operation of the ROC Armed Forces’ information systems, and delay its contingency response time.

PLA Involved in Cyber-Attacks

There are at least two bureau-level PLA units conducting cyber-espionage on Taiwan. According to the Project 2049 Institute’s 2011 report The Chinese People’s Liberation Army Signals Intelligence and Cyber Reconnaissance Infrastructure, they are the PLA Third Department’s Sixth Bureau and the Nanjing Military Region’s Technical Reconnaissance Bureau. The Third Department’s Sixth Bureau has a military unit cover designator of 61726 and is headquartered in Wuhan’s Wuchang district. The Nanjing MR Headquarters Department, led by former GSD Second Department (military intelligence) Director Major General Yang Hui, oversees two TRBs that are likely focused on Taiwanese military and other communications and computer networks, as well as U.S. activity in the Western Pacific area of operations. According to the National Defense Report 2013: “Starting in 2010, the PRC began developing new spy software to steal classified information on the internet. The software was developed with automated functions capable of changing data encryption, concealing transfer channels, and countering tracing attempts by network security personnel.”

Public-Private Initiatives in Cyber Security

There are three major institutional actors in Taiwan’s cyber-defense infrastructure:  NSB, MND, and the Criminal Investigation Bureau (the successor to the Taiwan Provincial Police Administration).

There are currently three units under the MND’s Information and Electronic Warfare Command, which was established in 2004, and include 3,000 military personnel who are responsible for countering cyber attacks (China News, October 7, 2010). Taiwan is reportedly developing a fourth cyber warfare unit as part of the government’s overall efforts to beef up its cyber-security capability (China Post, April 30). The Taiwanese government is also increasing its spending on cyber-defense by expanding the MND’s Communications, Electronics and Information Bureau (CEIB) and creating a facility for conducting simulated cyber warfare (ZDNet, September 3, 2012). CEIB coordinates among different stakeholders within military for C4I, IW, EW, and other related areas. [1]

The lead unit in the NSB that has the cyber portfolio is the office for Sci-tech Intelligence and Communication Security, also known as No. 5. According to a recent unverified corporate intelligence report, Taiwan has developed an automatic Chinese character identification programs that filter signatures from Chinese computer attacks, in particular the analysis of viruses and IP addresses. The programs were developed by the NSB and the Office of Electronic Defense Information (NSB website; Intelligence Online, April 24).

Taiwan is planning for a nationwide multi-agency exercise to simulate how the government would respond in the event of a cyber attack. The CEIB is scheduled to conduct joint exercises with other parts of the military (Taipei Times, April 30). The NSB report urged the government to work with local telecommunication providers to enhance their security up to the Internet and telecommunications infrastructure level in light of the increasing cyber attacks on civilian networks. Taiwan’s three leading telecommunication service providers—Chunghwa Telecom Co., Taiwan Mobile Co., and Far EasTone Telecommunications Co.—will reportedly be working along-side with the government (Focus Taiwan, April 28).

The National Information and Communication Security Taskforce (NICST), which was established in 2001, under the cabinet acts as another interagency coordinating group for civilian cyber defense and overall situational awareness (China News, September 7; NICST website).

Taiwan’s telecommunication industry is already heavily protected, but a robust cyber defense capability may demand a more proactive posture that only more jointness would provide. Given the limited input and output channels for signals received by and transmitted from Taiwan, such conduits are essential for developing greater foresight.


The cyber-domain over the Taiwan Strait is now at a cross-road. Defense planning is increasingly being made under a resource constrained environment, and require careful prioritization and foresight by stewards of the defense relationship. Its import for national security appears to be a top priority in Taipei—but whether it is enough remains to be seen. Areas of cooperation could include the defense of critical infrastructure such as telecommunication networks, financial systems and electricity supplies, and to establish international rules on cyber-issues (Asian Review News, May 15). While Taiwan has made important strides in cyber-defense, a major challenge ahead is integration and jointness among nations and among different systems established by the major stakeholders in the island’s cyber defense infrastructure (China News, September 7). Vulnerabilities in one nation’s cyber-defense infrastructure could potentially affect the viability of a collective cyber defense. While a Department of Defense report on “Taiwan Strait Posture Status” asserted that Taiwan was leading the world in the area of development of counter-virus techniques, the security environment over the Taiwan Strait has changed significantly since its publication. [2] Taiwan and China have both invested a great deal in the development of disruptive cyber warfare techniques in order to gain an edge in cyber superiority, but the overall balance is tilting in China’s favor. In light of the recent pronouncements by the NSB and the MND’s defense report, the development of offensive and defensive capabilities in cyber-space are clearly becoming a key objective in Taiwan’s military modernization.

The author would like to acknowledge the valuable input provided by Project 2049 Institute Executive Director Mark Stokes.


  1. James Mulvenon in The Information Revolution in Military Affairs in Asia, Palgrave Macmillian, 2004, page 150.
  2. Daniel Ventre, Information Warfare, Wiley-ISTE, 2009, page 80.