Will China Replicate Russia’s Cyber Offensives in a Taiwan Reunification?

The current situation in Ukraine has garnered the world’s attention, with stakeholders watching attentively as the crisis unfolds. Such regional hotspots have the potential to spill over into neighboring countries and pull in governments from all over the world in some capacity. The threat of armed conflict escalating into a major global engagement is always a possibility. China and Taiwan are eagerly watching the crisis as well, but largely for different reasons. While Taiwan is interested to see how friendly governments come to Ukraine’s aid, China is observing how Russia may go about reclaiming territory of the former Soviet Union, in an attempt to gain insight into how such an act can be accomplished successfully, should Moscow do just that.

The Russia-Ukraine situation bears striking similarities to longstanding issues between China and Taiwan. Both scenarios feature a larger, stronger government seeking to claim territory that was formerly under its historical control. And while both boast some of the largest, most advanced militaries, it’s their cyber capabilities that have been discussed frequently in the press. Both China and Russia are highly cyber-capable, with a well-resourced and well-financed cyber apparatus in place able to conduct myriad types of attacks, from the most rudimentary to the most sophisticated. They also both have access to eager nationalistic and patriotic communities ready to be leveraged to support their respective governments’ interests. However, while China has used its cyber capabilities primarily to support intelligence collection and intellectual property theft, Russia has been more ambitious, trying to work out how to integrate more aggressive cyber attacks into real-world conflicts in which it seeks to achieve a strategic objective.

Many U.S. government officials expect that Russia will execute disruptive cyber attacks against key critical infrastructure targets like energy, finance, and telecommunications prior to executing an invasion, in an attempt to incite civil unrest and confusion and to cause the Ukrainian government to divide its attention. Russia has been at the forefront of using cyber attacks during periods of geopolitical conflict, from the 2007 distributed denial-of-service attacks against Estonia to the 2017 NotPetya ransomware attack that first affected key Ukrainian targets, and several incidents in between. Moscow has achieved varying levels of success during these engagements, in which it has integrated cyber and information-enabled attacks into its hybrid warfare strategy. With each conflict, Moscow has learned what has worked and what has not, improving how it deploys these offensives against targets, culminating in its successful annexation of Crimea in 2014. Follow-on cyber and information-enabled operations in the form of disruptive attacks against Ukraine continued on this path. Looking at the current situation, further refinements will likely be exhibited should Russia decide to use military action. There may be no more interested party than Beijing should this happen.

If Ukraine has been a “test bed” for Russian cyber malfeasance, so has Taiwan at the hands of China. Taiwan has been a frequent target of Chinese-initiated malicious cyber activity that has ranged from nuisance-type attacks such as web-page defacements, to information theft to support espionage or intellectual property theft, to more disruptive attacks. According to Taiwan officials in 2021, Taiwan faced approximately 5 million cyber attacks a day with nearly half originating from mainland China, though what they considered an attack was not shared, nor were the types of attacks that were recorded. Beijing has demonstrated a full-scope cyber capability and has long been considered the most pervasive cyber actor conducting global cyber campaigns. According to a 2021 Annual Threat Assessment published by the U.S. Intelligence Community, China – not Russia – was the bigger threat, a determination swayed in part by China’s prolific cyber initiatives. Indeed, Chinese President Xi Jinping promised to make China a cyber superpower in 2014. Per a 2021 report on states’ core cyber prowess, Xi is making good on his promises as China was ranked close behind the United States.

Some other notable examples of China-attributed cyber activity against Taiwan include but are not limited to:

  • According to a leading computer security company, between 2020 and 2021, a China-linked state-sponsored actor ran an espionage campaign targeting financial institutions and one manufacturing company in Taiwan.
  • In 2020, the Taiwan government linked a series of hacking attacks to groups affiliated with the Chinese government. The cyber espionage activity targeted at least 10 Taiwan government agencies, affecting 6,000 Taiwan government officials’ accounts in order to steal important data.
  • Also in 2020, Chinese government-linked hackers targeted Taiwan’s CPC Corporation, a state-owned petroleum, natural gas, and gasoline company, impacting customers’ ability to purchase fuel. In addition, 10 other critical infrastructure entities were targeted by these hackers. A Taiwan government investigative agency determined that these organizations had been targeted by ransomware.
  • A Taiwanese cybersecurity company identified Chinese cyber activity stealing source code, chip designs, and other intellectual property from at least seven Taiwanese chip firms over a two-year period. The company indicated potential ties to the Chinese government but stopped short of direct accusation.

Whether purposefully or not, there is evidence indicating that China may have already followed Russia’s lead in gaining access to targets of interest for follow-on operations. Recent revelations of China’s exploitation of India’s energy sector suggest that China is not only focused on cyber espionage for political and economic advantage, but also on creating and maintaining access that could be used to facilitate more damaging attacks. Some have suggested that a power outage in Mumbai may have been the result of a Chinese-executed cyber attack, although India denied the allegations.

Given that at least some of Taiwan’s critical infrastructure is connected to the Internet, experts firmly believe that China has already infiltrated key critical infrastructure networks, which would enable Beijing to execute disruptive and/or destructive cyber attacks ahead of any invasion of the island. This would be consistent for Beijing, which has developed various plans ranging from full military invasion to non-kinetic capture to accomplish this very goal. As a “first strike” weapon, cyber attacks would support either action against Taiwan, though they would have to be executed in a timely manner, using the right types of attacks (e.g., disruptive, destructive, influence, propaganda) and against the right targets. This is where Russia’s past experience has been an invaluable resource, and why its use of cyber and information-enabled attacks now will further aid Beijing’s understanding of what can be accomplished using these tools and to what degree they should be relied upon in its own territory reclamation effort. Effective cyber disruption, cyber destruction, propaganda, and internal and external influence messaging all must work in strategic harmony, a difficult feat to achieve. If and when Beijing pulls the trigger on Taiwan, it will do so having been informed by the blueprint Moscow has provided. But as its own architect, Beijing will tailor it to suit its own needs.

Emilio Iasiello

About the Author

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.