The Digital Front: China's Cyber Operations Against Taiwan's Infrastructure and Defense
Taiwan is one of the most cyber-attacked places on earth. By the count maintained by its government’s cybersecurity agency, the island absorbs millions of cyberattack attempts each month, a significant portion of them attributable to Chinese state-linked actors. The volume is so high that it is used in Taiwanese government communications less as a warning than as a baseline: this is the normal operating environment. What varies is the sophistication and targeting of the attacks, which escalate during periods of political tension and which, in the event of military conflict, would transition from the persistent low-level campaign currently underway into a coordinated effort to degrade Taiwan’s military command and control, communications infrastructure, and civil society resilience simultaneously.
The Chinese cyber actors targeting Taiwan have been tracked and named by Western cybersecurity firms and government agencies. Groups with designations like APT40 and APT41 — attributed to units within the PLA and the Ministry of State Security — have conducted operations against Taiwanese government agencies, defense contractors, semiconductor companies, and critical infrastructure operators that represent both intelligence collection and the pre-positioning of access for future disruptive operations. The distinction between these two purposes matters: an actor with sustained access to a target network can collect information from it continuously and can also use that access to cause damage when the political decision to do so is made.
The military command and control systems that Taiwan depends on for coordinating its defense forces are the most sensitive target category. A Taiwan that cannot communicate between its command centers, between its military units, and between its military and civil leadership during the opening phase of a conflict is a Taiwan that cannot execute the dispersed, mobile defense that its strategy requires. PLA cyber operations designed to degrade these communications channels — through network penetration, through attacks on the underlying telecommunications infrastructure, or through jamming and electronic warfare that complements cyber operations — are aimed at the same objective as the PLA Rocket Force’s missile strikes on command and control nodes: preventing Taiwan from functioning as a coordinated military entity in the first hours of a conflict.
Taiwan’s cybersecurity posture has improved substantially over the past decade, driven by a combination of the visible threat environment and close cooperation with American, Japanese, and other allied cybersecurity organizations that share intelligence on Chinese tactics, techniques, and procedures. The Cybersecurity Management Act and related legislation have created regulatory requirements for critical infrastructure operators that have raised baseline security standards. The defense establishment has invested in hardened and redundant communications systems designed to survive disruption of commercial networks. These investments are real. They do not eliminate the vulnerability — they raise the cost of exploitation and reduce the probability of catastrophic failure.
The targeting of civil infrastructure adds a dimension beyond the military command and control problem. Taiwan’s power grid, its water treatment systems, its transportation networks, and its financial system are all potential targets for cyber operations designed to create civilian distress and complicate the government’s crisis management. Operations against civilian infrastructure during conflict are regulated under international humanitarian law, but the attribution challenges of cyber operations, the dual-use nature of many targets, and the deliberate ambiguity that state actors maintain about their cyber capabilities make enforcement of these norms practically impossible in real time.
The information operations dimension of the cyber campaign extends into the cognitive domain. Attacks on Taiwanese media platforms, manipulation of social media through compromised accounts, and the injection of false information into emergency alert systems are capabilities that Chinese actors have demonstrated in smaller-scale incidents and that would be deployed at scale during a conflict scenario. A Taiwanese population receiving conflicting and false information about what is happening during an active military crisis — who is attacking, where, with what effect, what the government is doing — is a population whose capacity for organized civil defense and political cohesion is degraded by exactly the mechanism that an aggressor would want.
The cyber domain has no clear front line. The fight is already underway.