The Home Threat of a War in Taiwan

Democracy Examined

China is preparing to target the American mainland if a war in Taiwan breaks out

China will be ready to invade Taiwan in 2027, John Aquilino, commander of the Indo-Pacific Command, testified before the House Armed Services Committee on Wednesday.

For the United States, that could mean war. In 2022, President Biden was asked, “So unlike Ukraine, to be clear, sir, U.S. forces… would defend Taiwan in the event of a Chinese invasion?” Biden responded with an unambiguous, “Yes.”

The military threat to the Chinese and American mainlands would remain low during a war, as neither side wishes to risk nuclear escalation. Unfortunately, that does not mean that the US is safe.

Over the past few years, the US has uncovered numerous Chinese state-backed plots to infiltrate American civilian infrastructure networks. These attacks aim to install malware that can cripple the utilities and communication networks that sustain our society, bringing American life to a standstill.

Last month, the US intelligence community and some international allies produced a report outlining the strategy and tactics of the Chinese state-sponsored actors. Then on Tuesday, National Security Adviser Jake Sullivan sent a memo to state governments warning them about new attacks on US drinking water infrastructure orchestrated by China and Iran.

The message from both is clear: the cyber threat to American infrastructure is rising, and we are struggling to stay ahead.

What Could the Attacks Look Like?

An invasion of Taiwan “might very well be coupled with the explosion of multiple gas pipelines, the mass pollution of our water systems, the hijacking of our telecommunication systems, the crippling of our transportation nodes… all designed to incite chaos and panic across our country and deter our ability to marshal military might and citizen will,” according to Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency. The Chinese government is already laying the trap.

In May of 2023, state-backed hackers infiltrated critical infrastructure networks on the island of Guam. In the event of a war with Taiwan, the US military base on Guam would be a key staging area for its defense, making it a prime target for Chinese interference.

The Guam cyber attack was orchestrated by Volt Typhoon, a state-sponsored actor that is emerging as the largest known threat to infrastructure networks. It relies largely on “living off the land” techniques, a fileless approach in which intruders work through legitimate tools already present on the compromised network rather than installing malicious files, which lets them evade detection by antivirus software. Once inside, the hacking group will “perform espionage and maintain access without being detected for as long as possible,” according to Microsoft Threat Intelligence.

While the Guam threat was uncovered shortly after it began, Volt Typhoon has been linked to cyberattacks across the US. Targets include an oil and gas pipeline, a Texas power grid operator, a West Coast port, and a water utility in Hawaii.

In January, FBI Director Chris Wray announced that American authorities had disrupted a Volt Typhoon operation that took advantage of utilities running outdated systems that were no longer receiving software updates from their manufacturers. As in Guam, the malware aimed to hide on the networks undetected. American authorities managed to remove the malware from the infected devices and install a security patch before significant damage had been done.

While the US security community is highly attuned to the threats posed by these cyber attacks, many of them are going unnoticed. Some malware was present on infected infrastructure systems for five years before it was discovered.

According to Wray, “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”

Would China Really Strike the US?

China is undoubtedly building out the capability to disrupt American infrastructure, but there is no guarantee that the Chinese government will target American infrastructure even in the event of war. After all, the US has been backing Ukraine in its war against Russia for more than two years, and Russian hacks against critical American infrastructure have been meager. Yet while Putin has calculated that opening a cyberwar with the US will backfire, the Chinese leadership may think differently.

Russia’s strategy since failing to quickly conquer Ukraine has been to outlast the West, believing that a simmering conflict favors Russia. China, on the other hand, may try to shock the US and its allies into inaction at the onset of the war with a major attack or slowly raise the cost of backing Taiwan with persistent attacks.

“They’ve seen that Russia, probably for fear of escalation, held off on going after our critical infrastructure,” according to Cybersecurity and Infrastructure Security Agency chief Jen Easterly. “I think that they’ll be less restrained.”

With significant disruptions, China could drive a wedge through the American public between those committed to defending Taiwan and those who want to see life go back to normal. It’s a risk, but one that Xi may be willing to take.

“China’s planning is likely bound by a desire to minimize the probability of a general war with the United States. Cyberattacks against targets in the continental United States and Hawaii could threaten to prolong any conflict and make it unmanageable. The question for China’s leaders is whether quick and precise strikes on civilian critical infrastructure with temporary effects justify this strategic risk,” according to James Andrew Lewis of CSIS. “In preparing to defend against cyberattacks, however, the United States cannot assume that China will decide on a minimalist course.”