Pages

30 January 2024

Taiwan and Japan must learn from Russian cyberwarfare

Yuster Yu and Mihoko Matsubara

Cyberwarfare has emerged as a significant element of modern warfare ever since Russia's invasion of Georgia in 2008.

In that campaign and others since, Russia has used cyberattacks to collect intelligence on opponents' military operations and civil services. Cyber operations have also played a role in targeting attacks for bombings and sabotage. For instance, Russia allegedly utilized hacked online surveillance cameras in Kyiv to reconnoiter critical infrastructure facilities for targeting with missiles earlier this month.

Given Beijing's belligerent attitude toward the election of Lai Ching-te as Taiwan's next president and its refusal to renounce using force against the island, it is important that China's neighbors review their cybersecurity defenses and seek lessons from Russia's attacks and Ukraine's responses. Japan in particular could be targeted as a supporter of Taiwan and a treaty ally of the U.S.

It is important to note that Russia's cyberattacks have not been as successful as Moscow likely expected, but both Russia and China are learning from those failures to improve their tactics, techniques and procedures, and this could make future strikes more effective.

Already, Russia's cyberattacks have disrupted critical infrastructure such as telecommunications and electricity networks in Ukraine.

A cyber assault last month on Kyivstar, Ukraine's largest telecom operator, affected 40% of its network infrastructure, temporarily paralyzing air raid alert systems, ATMs and in-store credit card payment terminals. The company later said it incurred a $95 million loss from the attack. In October 2022, a power outage caused by hackers coincided with massive missile strikes against critical infrastructure across Ukraine, in line with Russian military writings that emphasize synchronizing cyber and traditional military operations.

Ukraine's experience shows how prewar preparation is indispensable for enhancing national cyber defenses and the resilience of critical infrastructure to absorb cyberattacks. In between Russia's initial seizure of Crimea and parts of Donetsk and Luhansk in 2014 and its full-scale invasion in 2022, Kyiv had had eight years to accumulate experience and strengthen its capabilities, learning from incidents like Russian cyberattacks on its power networks in 2015 and 2016. Kyiv created a database linking Russian cyberattacks to the hacker groups involved and their methodologies to highlight weak points to be addressed.

Ukraine's relative success in cyber defense has also been partly the result of cooperation with foreign governments and technology companies. For example, dozens of U.S. tech companies joined together after the outbreak of war in 2022 to share cyber threat intelligence with Ukraine through the Cyber Defense Assistance Collaborative.


A Kyivstar store in Kyiv: A cyber assault on the telecom operator affected 40% of its network infrastructure, paralyzing air raid alert systems and ATMs. 

The U.S. Army Cyber Command joined with industry experts to enhance Ukraine's ability to detect and remove potential malicious hacking footholds in its IT systems just a couple months before Russia's invasion. The team reportedly removed malware from the networks of the Ukrainian Railways, likely thwarting a potential shutdown of the train network during Moscow's initial attack.

There should be little doubt that China is capable of using its cyberwarfare capabilities to wreak havoc. Microsoft, for example, found last year that Chinese hackers had breached infrastructure systems in Guam and the U.S. mainland, apparently attempting to lay the groundwork for disrupting military operations on the U.S. Pacific territory which would play a critical role in responding to any Chinese attack on Taiwan. Other reports have tied Chinese hackers to system intrusions at U.S. ports, pipelines and public utilities.

Taiwan and Japan must be prepared to face such cyberattacks too. Neither has accumulated sufficient real-world experience in dealing with destructive cyberattacks although China has been conducting electronic espionage on both for many years.

Japan's National Police Agency, for example, reported in 2021 that Chinese hacking group Tick attempted to penetrate the systems of 200 organizations including the Japan Aerospace Exploration Agency. Chinese hackers also are suspected of involvement in a ransomware attack last July at the port of Nagoya which paralyzed cargo shipping for two days. Ahead of Taiwan's election this month, Google-owned cybersecurity company Mandiant highlighted a steep rise in espionage attempts against governmental, corporate and infrastructure systems.

In this context, Taiwan and Japan share many of the same cyber threats. It would thus make sense if private-sector players from each side together created a mechanism to share and utilize regional cyber threat intelligence as well as lessons from Ukraine and elsewhere overseas. They could also discuss the tactics and techniques of Chinese hackers.

This is best handled through the private sector to get around diplomatic and political challenges from intergovernmental cooperation, given that Japan does not have official ties with Taiwan. Plus, in cybersecurity, the private sector arguably has more capabilities to offer than the government.

Taiwan and Japan have fostered a close partnership and trust in recent decades, supporting each other in difficult times including amid COVID-19 vaccine shortages. Now it is time for the two to work closely together in cybersecurity to prepare for potential crises and better secure critical infrastructure.

No comments:

Post a Comment