Enhancing U.S.-Taiwan Cyber Security Cooperation

Enhancing U.S.-Taiwan Cyber Security Cooperation
Photo Credit: CNA

What you need to know

Despite its significant investment in cybersecurity, Taiwan will be better prepared for a large volume of Chinese cyberattacks by cooperating with the United States.

Taiwan’s government is facing a constant barrage of cyberattacks, receiving around 100,000 hacking attempts each month. Hundreds of them manage to breach Taiwan’s systems each year. In 2017, the Department of Cyber Security reported 360 successful attacks on government systems. Of these, 288 were launched by Chinese network forces, with most being categorized as Advanced Persistent Threats such as state-sponsored malware attacks meant to gain access to important government systems. 

Taiwan has been able to protect itself against the majority of cyberattacks it has faced due in large part to the government’s investments in cybersecurity, beginning with the formation of the National Information and Communication Security Taskforce and the National Center for Cyber Security Technology. These programs also serve to bolster Taiwan’s cybersecurity capabilities in the areas of incident prevention, incident response, and post-incident forensics. The Executive Yuan later formed the Department of Cyber Security to streamline the development of information security policies, including the Information Security Management Act of 2018.

Taiwan has established a cyberwarfare department as the fourth branch of its armed services, the world’s first independent military cyber command. The Information, Communication, and Electronic Force Command is responsible for carrying out a wide range of cyber operations, including conducting offensive and defensive cyber operations, protecting military computer networks and critical infrastructure, engaging in cyber intelligence gathering, and developing new cyber weapons and capabilities. In addition to traditional offensive and defensive roles, the ICEF is also tasked with performing proactive attacks against adversary computer networks to disrupt their operations and degrade their ability to wage war.

Taiwan ranked ninth in the “Cyber Maturity in the Asia Pacific Region” report, just behind China, in 2017. The authors note that Taiwan’s position in the report was “hampered by difficulties with international engagement,” signaling opportunities for improved cooperation between Taiwan and its allies in the field.

Despite exclusion from international police organizations, Taiwan has been engaging in meaningful multilateral cyber cooperation. The U.S. Computer Emergency Readiness Team and Department of Homeland Security offer recommendations every two years for Taiwan to improve cybersecurity solutions. But it does not take full advantage of Taiwan’s cybersecurity acumen or help it adequately prepare for a large volume of Chinese cyberattacks.

AP22215147883266
Photo Credit: Taiwan Presidential Office via AP / TPG Images
U.S. House Speaker Nancy Pelosi, center left, and Taiwanese President Tsai Ing-wen arrive for a meeting in Taipei, Taiwan, Aug. 3, 2022.

During U.S. House Speaker Nancy Pelosi’s visit, China escalated cyberattacks against Taiwan, paralyzing government websites. Commercial entities such as 7-11 and railway stations were also victims. Hacker group APT 27, a Chinese state-sponsored group, claimed responsibility for the cyberattacks on Taiwan, stating their motivation was to protest Pelosi’s visit. 

The U.S. policy position on Taiwan was already set to change, just days after Pelosi’s visit. Republican lawmakers praised Pelosi’s delegation to Taiwan, with renewed calls to support Taiwan based on the Taiwan Relations Act. This support for Taiwan came before a senate vote for the Taiwan Policy Act of 2022. This bipartisan piece of legislation was introduced by Senate Foreign Relations Committee Chairman Bob Menendez (D-NJ) and Senator Lindsey Graham (R-SC) to expand security cooperation with Taiwan and impose costs on Chinese hostility by setting up a broad economic sanctions regime.

In the realm of cybersecurity, the Taiwan Policy Act does two things. First, it serves to deter China from launching cyberattacks against Taiwanese entities, making it legally binding for the U.S. to respond to Chinese aggression. Second, it offers a broader mandate to work with Taiwan on cybersecurity challenges, allowing increased information sharing between law enforcement agencies, official exchanges, and access to U.S. cybersecurity training and equipment. 

Speaker Pelosi’s visit didn’t come without challenges to Taiwan’s security. The PRC has been overtly displaying its capabilities to influence Taiwan’s political institutions. The U.S. response has been overwhelmingly in support of deepening security cooperation with Taiwan and will lead to stronger long-term bilateral cooperation and deterrence against Chinese military action.

TNL Editor: Bryan Chou, Nicholas Haggerty (@thenewslensintl)

If you enjoyed this article and want to receive more story updates in your news feed, please be sure to follow our Facebook.