Chinese #Hacking Against #Taiwan: A #Blessing for the #United States?

Declaring that “cybersecurity is national security,” President Tsai Ing-wen of Taiwan inaugurated the Information Communication Electronic Force Command (ICEF) on June 29, 2017, formally establishing Taiwan’s “cyber fourth service.” The cyber fourth service, the first such independent military cyber command in the world, is the latest in a series of the ruling Democratic Progressive Party’s (DPP) initiatives to improve Taiwan’s cybersecurity environment.

In August 2016, Taiwan’s Executive Yuan established the Department of Cybersecurity and subsequently released a new version of Taiwan’s Draft Cybersecurity Management Law. In addition, the government is pressing for the development of Taiwan’s cybersecurity industry as a driver of employment, economic growth and national security through a policy of “cyber autonomy.”

The chief cybersecurity threat to Taiwan are Advanced Persistent Threats (APTs) known or likely to be based in the People’s Republic of China (PRC), especially those that conduct cyber espionage on Taiwanese government agencies and corporate targets. In a survey administered by American cybersecurity firm FireEye, Taiwan placed second in Asia in terms of the quantity of unique APT malicious software and techniques targeting it, reflecting the priority that China places on cyber espionage against the island.

These problems aren’t new: Chinese cyber intrusions have motivated Taiwan’s cybersecurity policymaking since at least 2003, when Chinese hackers possibly associated with the PLA infected the networks of a major Taiwanese telecommunications company along with a slew of government websites. The National Information and Communication Security Taskforce (NICST), an interagency task force founded by Taiwan’s executive branch to safeguard Taiwan’s government networks and critical infrastructure partly in response to Chinese cyber activity, is more than 15 years old.

Since then, Chinese APT activity against Taiwan has only grown. A number of Chinese APTs have been identified, though few have been openly associated with the Chinese government by security researchers or the Taiwanese government due to political sensitivities and uncertainty in attribution. APT12, which has been linked to the PLA, conducted cyber espionage attacks on Taiwan’s government agencies and technology companies in 2014. China-based APT16 attacked Taiwan’s media sector and the DPP in 2015. Most recently, the DPP home page was hacked in 2016 to send visitor profiles to cyber espionage groups based in China. This list of Chinese APTs is not exhaustive.

By some accounts, the long-time threat of APTs to Taiwan is a blessing in disguise, as it has hardened the island’s cyber defenses and provided valuable threat intelligence and training that contributes to the development of Taiwan’s cybersecurity industry. Infamous Taiwanese hacker-turned-entrepreneur Jeffery “Birdman” Chiu has suggested that “Taiwan is the island of APT.” In his view, an onslaught of attacks produces an abundance of malicious software (“malware”), attack signatures, and other tools, techniques and procedures (TTP) for Taiwanese threat intelligence researchers and cybersecurity firms to analyze. Ironically, Mr. Chiu indicates, this would make malware one of Taiwan’s best “natural resources.”

Given reports of malware being tested on Taiwanese networks before being deployed worldwide, Taiwan’s government and private sector have leveraged the idea that Taiwan is a testing ground for malware and cyberattack to advance their own interests. In 2015, then-Vice Premier Simon Chang argued for Taiwan’s inclusion in the American Cyber Storm exercises and closer cyber cooperation between the United States and Taiwan, citing to the valuable experience Taiwan could offer as a testing ground for Chinese cyberattacks.

Entrepreneurs in Taiwan’s cybersecurity industry have marketed their expertise in threat intelligence and APT detection accordingly, citing China and Taiwan’s shared language and cultural insight into the behavior of Chinese threat actors as providing Taiwanese firms with additional advantages in analyzing and combating cyber threats.

However, even if Taiwan is indeed a testing ground for cyberattacks, there are at least two main reasons why this will not necessarily benefit its cybersecurity industry or intergovernmental cybersecurity cooperation.

For one, in terms of providing threat intelligence on Chinese APTs, there is evidence that Chinese APT activity, at least against U.S. targets, has declined over the past few years in the lead-up to and in the wake of the Sino-U.S. “cyber truce.” Whether due to the growing political costs of cyber espionage or China’s own investment in technological innovation to supersede the theft of foreign assets, this decline means that Taiwanese firms with specialized expertise on Chinese APTs will likely face a more limited U.S. market for their services, at least for the time being.

Second, and more damaging, is the pernicious effect of PRC cyber espionage efforts on the credibility of Taiwan’s government and private sector as economic and security partners. Extensive Chinese APT activity undermines confidence in the cyber integrity of Taiwanese political and military institutions while fueling international perceptions that economic and security cooperation with Taiwan is a high-risk endeavor.

Taiwan’s institutions and businesses, constantly in China’s crosshairs, could become cyber backdoors to the systems of their international partners, increasing the perceived risk of corporate mergers and cooperation with or investment in Taiwanese companies. Foreign governments and corporations may also limit their open cooperation with Taiwan in fear of political, economic or cyber reprisals from the PRC.

Given overlapping strategic objectives, the United States remains Taiwan’s main security partner. Some U.S. Federal agencies and corporations recognize Taiwan’s unique position in China’s cyber operations. The U.S. Department of Commerce led a trade mission of 20 U.S. companies to Taiwan last June, and American firms have been actively acquiring Taiwanese cybersecurity companies. Intelligence cooperation related to cybersecurity undoubtedly already takes place between Taiwan and the United States, given the presence of the NSA, and possibly the CIA, on the island.

But U.S.-Taiwan cooperation could also encompass contingency planning for People’s Liberation Army cyber operations against Taiwanese military and civilian infrastructure in the event of or as a prelude to cross-strait conflict, including those against American forces. In this regard, Taiwan’s status as the “island of APT” may truly become an asset to American strategic planning in the region.