Tuesday, January 21, 2025
Latest:
The Register

Hackers game out infowar against China with the US Navy

TH Author

Picture this: It’s 2030 and China’s furious with Taiwan after the island applies to the UN to be recognized as an independent state. After deciding on a full military invasion, China attempts to first cripple its rebellious neighbor’s critical infrastructure.

That’s the scenario set up as a wargame exercise by the US Naval War College, which invited technology specialists, infrastructure experts, and hardcore hackers to study the problem. Last August, at the Black Hat and DEF CON security conferences in Las Vegas, players were separated into teams and during a three-hour session tried to stress-test Taiwanese infrastructure and look for weaknesses.

The two Naval academics running the exercise detailed the results to attendees at the ShmooCon infosec conference in Washington DC earlier this month, and discussed them with The Register.

In the three-hour wargames, the participants considered two scenarios. The first proposed a purely online attack against power, data, and critical infrastructure. The second narrative considered what could happen if China carried out military attacks and sabotage as well. The wargames are part of the Navy’s three-year Taiwan Resilience Project that’s designed to find the best ways to protect Taiwan’s critical infrastructure.

The teams came up with 65 recommendations for areas that Taiwan could invest in currently to get ready for 2030, and found some glaring weaknesses in Taiwan’s current infrastructure that could be open to exploitation. For a start, 97 percent of the country’s data arrives via 16 cables (one recently severed), and three of them are routed through China.

“You know, having the internet in Taiwan is basically seen as a constitutional right,” explained Jason Vogt, assistant professor in the Strategic and Operational Research Department (SORD) and the Center for Naval Warfare Studies.

“So it’s not just getting the power on and getting running water. They see the internet as being on par with those things. And so they’re investing in satellite communications infrastructure and that sort of thing to make themselves more robust. But frankly, they’re gonna have to do a lot more if they’re at war.”

Do look up for connections

On the satellite front Taiwan isn’t covered by Starlink (and isn’t keen on Musk after he declared the island is an “integral part” of China) but the government is in talks with Amazon’s Project Kuiper. It has also been investing in Eutelsat OneWeb, said Dr Nina Kollars, associate professor at the College’s Cyber and Innovation Policy Institute, because the GEO-LEO satellite operator is seen as a safe option.

“They’re moving as fast as they can,” she explained. “They cut a deal with OneWeb and that went public a year ago. The UK government has a golden share in OneWeb, which means that it can’t be bought out by China.”

Power is a major issue as well. Taiwan used to have a range of nuclear reactors but only one is still operational and no more are being built – meaning 80 percent of the island’s power comes from coal or gas, which must be imported. There are relatively few central power generation facilities and transmission lines of the mountainous island are vulnerable to attack or sabotage.

“The local [Taiwanese] Green movement wants to get out of nuclear, they want to go green, and so they’re looking at solar, they’re looking at offshore wind, which makes perfect sense,” Vogt said, adding that nevertheless nuclear plants were “remarkable energy producers,” and could stockpile fuel easily.

“There are some vulnerabilities on the solar side, because the vast majority of those panels come from China. It’s not an immediate threat, but it could be. I think the concern that we have is that if you’re, if you kind of rush to do this, and security is not like top [of] mind, cyber security, that you are creating more vulnerabilities, especially as you start to adopt smart grids and things like that.”

On the communications front, the wargame posited that China would try to cut off Taiwan’s capital, Taipei, from the rest of the country by destroying cellular network stations. In order to ensure this didn’t happen team members tried some novel strategies, including Bluetooth mesh networks and alternative communications tech.

“Bluetooth is leveraging the fact that every person has a phone and that Taiwan is densely populated to begin with. So you do these peer-to-peer Bluetooth connections, and use that to spread government information if the cell infrastructure was destroyed,” Vogt said.

“Microwave is a big one. I think we didn’t appreciate this but they are very good with microwaves, using some of the most advanced microwave technology in the world to get over the mountains. They’re very comfortable using it and there’s a lot you could do with that, powering stations locally.”

The teams also came up with other ideas that surprised the moderators. One suggestion was using the next five years to develop a civilian core trained in hacking and repairing networks. Stockpiling key equipment, such as cell towers and cabling, was another idea.

Some of the ideas were slightly more off the wall. One member posited using Taiwan’s historical artifacts to protect key sites. In 1949 the defeated Chinese Nationalist leader Chiang Kai-shek fled to Taiwan, and brought over most of China’s cultural icons. If these were sited near key targets, it might deter a physical attack, was one suggestion.

Open and closed doors

The first game was played in private and anonymously, although participants could give their names if they wanted to. The second game was public on the floor of DEF CON and attracted a lot of attention.

“The second iteration was a little bit loud and noisy, but you deal with that and it was certainly a different kind of exposure,” Kollars recounted. “I will say that it made a lot of colleagues from other places in the Navy quite frankly terrified – from the fidelity of the maps to the sheer number of Chinese people taking pictures.”

One of the people watching was the deputy director of Taiwan’s Ministry of Digital Affairs, who was at the show giving a presentation. He was very impressed and asked if the team would like to come to Taiwan in April and run the next set of wargames with Taiwanese officials and hackers, in private this time.

The conclusions from the contests were that there were three possible strategies to deal with a Chinese attack. Firstly, critical infrastructure targets could be built in clusters away from the vulnerable western shore of the island. This would ensure civilian centers were safer, but the sites might be vulnerable to attack.

Alternatively, Taiwan could try radical decentralization, setting up small, easy-to-fix cell and ham radio stations. The local populace could be trained to maintain and repair them and solar, wind, or other renewables could provide power. It’s a high-cost strategy but could give China too many targets to deal with.

The third idea was to take advantage of Taiwan’s mountainous terrain, dig in, and thus gain protection from attack. Equipment stockpiles, satellite ground stations, and cellular networking kit could all be hidden in the mountains and maintained by a small cadre of trained civilians.

Ultimately, Vogt suggested, if China invades, a digital attack is inevitable, but it might not be the slam dunk some in the People’s Liberation Army may be anticipating. He pointed to the example of Ukraine, where Russia was expecting to steamroller the country in days. While China has massive resources, with the right preparation Taiwan could make things uncomfortable for the Middle Kingdom. ®

READ MORE HERE