CNAS Releases New Report “Phishing in Troubled Waters: Confronting Cyber Espionage Across the Pacific and the Strait of Taiwan”

Washington, April 10 – As President Donald Trump and Chinese President Xi Jinping conclude a summit featuring extensive conversations on bilateral commerce, the Center for a New American Security (CNAS) Asia-Pacific Security Program has released a new report on the economic and strategic costs of China’s cyber espionage in the United States and Taiwan. In “Phishing in Troubled Waters: Confronting Cyber Espionage Across the Pacific and the Strait of Taiwan,” authors Harry Krejsa and Hannah Suh argue that the United States and Taiwan are China’s primary targets for cyberattacks, that they share similar vulnerabilities, and that they must collaborate on shared solutions.

The full report can be found here: https://www.cnas.org/publications/reports/phishing-in-troubled-waters-1.

Please find the report’s executive summary below:

Because China’s two chief targets of strategic attention are the United States and Taiwan, they are understandably also Beijing’s chief targets of cyberattack and espionage. Both countries have high-skilled economies with open, democratic systems, and Washington and Taipei unfortunately possess comparable vulnerabilities to cyberattacks. Facing similar threats and suffering from similar weaknesses, the United States and Taiwan should collaborate on developing shared solutions.

This report analyzes the asymmetric nature of cyber capabilities that make the United States and Taiwan so attractive for Chinese strategic planners. It examines the immense costs—tangible and intangible—that have been borne by the United States and Taiwan as a result of Chinese cyber intrusions so far. The diffuse nature of these costs also explains why the private sector has not yet been able or willing to fully develop the technologies and practices necessary to significantly hinder these attacks. Because of poor private-sector incentives to confront cybersecurity more directly, interventions and initiatives by the U.S. and Taiwanese governments will increasingly be necessary. This will require thinking about cybersecurity more as a domain of conflict requiring continuous attention and strategic analysis than as a singular issue to be mitigated with ad hoc policy tweaks.

Washington and Taipei will need to approach the shared threat of Chinese cyber capabilities collaboratively, but also innovatively. Cyber threats will not be mitigated through traditional templates of bilateral cooperation, whether they are joint production agreements or memoranda of understanding on information sharing. Rigorous real-world exercises to identify existing gaps in capabilities and gauge progress over time on rectifying them, and more specialized government-to-government contacts must be developed through the Department of Homeland Security and its Taiwanese counterparts. International public-private partnerships will be a necessary start—with the crucial supplement of learning about confronting asymmetric threats strategically from successful counterterrorism initiatives. This administration has already shown a willingness to nudge U.S.-Taiwan relations beyond what has previously been considered politically palatable—which may augur well for such experimentation in cyber collaboration.

Krejsa and Suh are available for interviews. To arrange one, please contact Neal Urwitz at nurwitz@cnas.org or 202-457-9409.