Event Recap / November 2023

CLTC Hosts Conference on “Cyber Defending Taiwan: Lessons from Ukraine”


Download the conference report

On September 29, the Center for Long-Term Cybersecurity (CLTC) hosted “Cyber Defending Taiwan: Lessons from Ukraine,” a one-day conference centered on applying lessons learned from Russia’s invasion of Ukraine to strengthen Taiwanese cybersecurity and infrastructure.

Drawing over 120 participants, the conference featured panelists from academia, government, research, and the intelligence community. “The ongoing tension between China and Taiwan represents one of the most critical flashpoints in international relations today,” said Chris Hoofnagle, Faculty Director of CLTC, in his opening remarks. “There are profound implications for regional stability, and for international security…. Let’s navigate these uncertain waters today to foster a deeper understanding of the dynamics and the strategic options.”

Cyberattacks in the Ukrainian Invasion

For the day’s first session, panelists retrospectively analyzed the February 2022 Russian invasion of Ukraine with a focus on cyberattacks, including key indicators that might presage cyber aggression against Taiwan.

From left to right: Aleksandr Kobzanets, Elaine Korzak, Gil Baram, and Andrew Reddie
From left to right: Aleksandr Kobzanets, Elaine Korzak, Gil Baram, and Andrew Reddie

The panel was moderated by Professor Andrew Reddie, founder of the Berkeley Risk and Security Lab and Associate Research Professor at the UC Berkeley Goldman School of Public Policy. “In the year and a half [since the Ukraine invasion], a lot of analysis has gone into trying to figure out, how do you actually use and leverage cyber vulnerabilities in conflict?” Reddie said. “Are we surprised by what’s happened inside of the Ukrainian context? Are there things that we might have expected to see that have been missing?”

CLTC postdoctoral scholar Gil Baram pointed to the importance of space in modern conflicts, and referenced a space threat assessment from the Center for Strategic and International Studies that was published earlier this year. Highlighting the threats to Taiwan from China in the space domain, the report anticipates the potential jamming of communications and intelligence satellites, the destruction of space-ground networks, and the destruction of ballistic missile early-warning satellites. This threat became especially realistic after it was revealed that China was building cyber weapons capable of hijacking satellites. 

Baram acknowledged that, in light of Russian hackers disabling modems and causing partial network outages in Ukraine and other European countries on the first day of the invasion, the private sector could play an important role in future conflicts. “We’ve seen what a mega constellation [i.e., SpaceX Starlink] can provide in terms of redundancy and capabilities,” Baram said.

Elaine Korzak, a postdoctoral scholar at CLTC, began by analyzing the international governance conversation around cyberattacks, and how the environment for potential future conflict in Taiwan may have changed. She focused on two aspects: “the impact that cyber activities in Ukraine have had on the international negotiations and processes,” and “the impact it has had on the content of the governance framework.”

Korzak recalled the past 25 years of negotiations between states in regards to conduct in cyberspace, explaining that “international law, as it currently stands, is insufficient or ill-equipped to govern what states want to do in cyberspace.” On one hand, China and Russia wish for an increase in the government’s ability to control domestic content and want an international treaty based on their respective understanding of domestic security. On the other hand, governments like the United States and the European Union are extremely concerned about an increase in content control and do not favor an international treaty.

She emphasized the uncertainty of the future between the two sides of humanitarian law in cyberspace. “The Russian actions have very much brought this longstanding disagreement that has existed on paper into the realm of practice,” she said. “It’s going to be very interesting to see how this will play out, and whether we’ll have any kind of jurisprudence coming out of domestic courts, or the International Criminal Court, or any hybrid tribunals that… might look at cyber components of the application of international criminal law.”

Korzak highlighted concerns about actions Russia has taken on a domestic level to place restrictions on content and control cyber traffic in the aftermath of their invasion of Ukraine. Such actions “test the international governance framework” and have “created an opening for like-minded states,” she said, adding that these effects that could create long-term changes and transformations to international negotiation dynamics. 

In his remarks, FBI Special Agent Aleksandr Kobzanets explained that he was on the ground in Ukraine in the months leading up to the Russian invasion, and previously had been involved with investigations of cyberattacks like the 2016 FSB Yahoo hack and the breach of the Democratic National Committee’s servers. He stressed that Ukraine has long been the target of cyberattacks. “I might be biased, but it seemed like every FBI cyber criminal investigation somehow touched Ukraine,” he said. “The GRU, the DNC hack, all those same problems that we’re seeing in the United States, Ukraine has been dealing with for many years. It’s instrumental to be able to learn on the ground and gather intelligence that is then used to defend our own infrastructure, our own elections.”

The Taiwan Context

Nick Merrill, Benjamin Bahney, Graham Webster, and Vinod Aggarwal
From left to right: Nick Merrill, Benjamin Bahney, Graham Webster, and Vinod Aggarwal

In the day’s second panel, Nick Merrill, Director of the Internet Atlas project at CLTC, explained that the concept of cybersecurity in the conflict between Taiwan and China does not only affect those two parties. For example, he pointed out that Chinese naval action is not required to disconnect Taiwan from the internet, and if submarine fiber optic cables were to be cut, the issue would not affect Taiwan alone.

“Several of the cables that connect Taiwan to the internet run through mainland China,” Merrill explained. “All they need to do is to go to the cable landing point on their territory and say, hey, turn this off.” Merrill described hypothetical situations by which China could take action to disconnect Taiwan, all of which pose grim consequences for not only Taiwan, but other countries, including the United States.

Benjamin Bahney, Senior Fellow at Lawrence Livermore National Laboratory’s Center for Global Security Research (CGSR), built on the discussion by introducing the aspect of space to Merrill’s scenarios. Bahney acknowledged the option of satellite communications in response to cyberattacks, but pointed out the latency that would likely result from getting communications to geostationary orbit and the large costs of getting a satellite network up and running. 

He pointed out that China’s use of space has increased dramatically, with “a lot of it for military operations, some of it for civil, and even less for science applications.” He noted that the Chinese government has developed counter-space systems, mostly consisting of satellite communication jammers. While traditionally used to deny commercial satellite communications, these jammers have military applications that could be very effective against geostationary communications in the case of a Taiwan crisis with China. In addition, China has developed a set of kinetic kill capabilities for low-Earth orbit that are now operational and undergoing higher orbit tests. While Taiwan does have a space program, it is still in development and mostly consists of meteorological satellites, Bahney said.

Stanford University Cyber Policy Center’s Graham Webster spoke to the policy and international relations scope of cybersecurity in Taiwan. With Taiwan’s strategic importance in technology, it is always a point of discussion in U.S.-Chinese relations. 

He noted that the United States’ introduction of chip control policies in October 2022 was a “major turning point in the U.S.-China situation, and it directly implicated what can be done in terms of business and industry in Taiwan.” The U.S. government wanted to prevent China’s access to importing advanced semiconductors in addition to limiting their ability to produce these semiconductors themselves. Webster emphasized the differences in governance between the U.S. and China, with one being “fundamentally, a democracy versus an autocracy divided.” 

While Webster did not see relations doing very well at the moment, he also did not foresee a steep decline toward total disaster, an occurrence he attributed to the fact that both the United States and China know that escalating things too far will be “very dangerous and costly for everyone.” 

The Chinese Cyber Threat and What Taiwan Can Do

Raymond Kuo
Dr. Raymond Kuo

In the first keynote talk of the day, Dr. Raymond Kuo, Director of the Taiwan Policy Initiative and senior political scientist at the RAND Corporation, addressed the intersections of strategy, theory, and capabilities within the Taiwan-China relationship. 

Dr. Kuo began by highlighting Taiwan’s unique vulnerability to cyberattacks, with the Ministry of Digital Foreign Affairs stating that there were 1.4 billion cyberattacks from China in 2017. Of the 360 successful cyberattacks, 288 came from China. Adding to the challenge, Kuo explained, Taiwan requires smooth flows of power and water to maintain its high rate of production, which can be easily disrupted considering that 98% of Taiwan’s energy supplies and key industries are highly vulnerable to any sort of disruption.

Dr. Kuo posed a range of questions to the audience, such as: What is China’s cyber strategy? What does the scholarly work on the threat of cyber war tell us? What can Taiwan, the United States, and other countries do? He highlighted that the People’s Liberation Army (PLA) has a cyber strategy similar to that of other governments, one that sees cyber as a domain of blurred lines, crossing civilian and military, peacetime and wartime. For political scientists, this is known as an “offense dominant zone,” Kuo explained. He further emphasized the impact that anonymity has on cyberattacks, as “the attacker has initiative, and they can spend years ferreting out the weaknesses of a digital system to unleash their attack all at once at their time of choosing.” 

Dr. Kuo closed by reiterating that the Asia-Pacific region is “already essentially a battlefield” and that, because we are all networked by cybersecurity policy, to disaggregate is the worst decision that could be made. Asian partners and allies need to integrate with each other and the United States — and present a united front against Chinese cyber operations and subversion.

Securing Freedom for Taiwan

Tim Mather, Hung-dah Su, Ritwik Gupta, and Janet Napolitano
From left to right: Tim Mather, Hung-dah Su, Ritwik Gupta, and Janet Napolitano

In the third session of the day, panelists discussed private ownership of internet infrastructure and how it makes corporations and private entities key partners in cybersecurity. Panelists included Ritwik Gupta, Defense Innovation Unit Deputy Technical Director for Autonomy; Hung-dah Su, Dean of the College of Social Science at National Taiwan University; and Tim Mather, partner and virtual chief information security officer with Fortium Partners. The panel was moderated by Janet Napolitano, Director of the Center for Security in Politics.

“Our panel is entitled “Securing Freedom for Taiwan, a particularly critical issue in today’s world,” Napolitano said. “We all know we face the rising threat of China, particularly in the wake of the Russian invasion of Ukraine. We have China. We have Russia. Friends, faculty, students, they’ve asked me, what can we do? How can we help protect Taiwan’s freedom? I wish I had those answers. I don’t, but here with me today are some folks who are here to help us take some steps closer to the answer.”

In his remarks, Hung-dah Su suggested that misinformation as a topic needs to be integrated into cybersecurity. He noted how Taiwan penalizes the production and distribution of fake news, and explained that ministries are required to have special units to clarify misinformation, which led to a steady decrease in false information cases between 2000 and 2022. He also pointed out that Taiwan has NGOs that work to empower the public through media literacy education.

The panelists also spoke to the variety of possible targets of cyberattacks, both civilian and military. As Fortium Partners’ Tim Mather pointed out, “If I’m in the military, I have to worry about destructive attacks. If I’m on the civilian side of this, I don’t really have to worry about destructive attacks, as much as I have to worry about disruptive attacks.” Yet, Mather said, the targeting of civilian infrastructure can be as devastating as the targeting of the military. Disruptive attacks can cripple supply chains, production, and a target’s ability to function effectively.

For China, destroying civilian cyber infrastructure would be costly later on if they needed to govern. As such, Taiwan cybersecurity should focus on redundancy, Mather said. “People who are responsible for information security on the civil side and in enterprises need to be looking at what they’re doing for backups, power, and communications,” he said. “Think mesh networks and precision timing. How do you keep all of these devices operating?”

Closing Keynote: Jeffrey Fields

Special Agent Jeffrey Fields
Special Agent Jeffrey Fields

Closing out the day with the final keynote, Jeffrey Fields, FBI Assistant Special Agent in Charge, hosted a conversation on “transnational repression,” when foreign governments attempt to harass, threaten, assault, or assassinate individuals located in other countries, including the United States. 

Foreign government actors “don’t want to put themselves at risk by traveling into the United States or into Western Europe or other places where dissidents may live,” Fields said. As a result, they may use online platforms as a vector to contact dissidents abroad and attempt to silence them. While transnational repression can lead to assassinations or attempted assassinations, most of the time it tends to be carried out through cyberattacks, malware hacking, physical surveillance, and contact through proxies. 

“Transnational repression is one of our major priorities,” Fields said. “Berkeley is a premier incubator of free speech and thought. What authoritarian dictators fear more than armies, more than battleships, and more than guns and bullets, are ideas. They fear words that those ideas form, because those words now offer an opportunity for debate and discourse for questions to be asked.”

Fields emphasized that freedom of speech is particularly important for “disenfranchised communities, persecuted communities, and marginalized communities,” as “our voices are the single most powerful thing that we still have agency over, that we still have control and dominion over. Our freedom of speech is sacrosanct.” 

Cyber Defending Taiwan: Lessons from Ukraine