Beneath the Waves: The Cybersecurity Threat to Taiwan’s Undersea Cables
How Taiwan's Digital Lifelines Are Vulnerable to Cyber Threats and What Needs to Be Done to Protect Them
Overview
In recent years, there has been a surge of concern regarding Taiwan’s undersea cable vulnerabilities, with many analyses focusing on their strategic importance and physical security. However, this article specifically focuses on the cyber threat aspect tied to these critical infrastructures. As Taiwan stands at the geopolitical crossroads of rising tensions in the Indo-Pacific, the cybersecurity dimensions of its undersea cable network have become an increasingly significant issue, with implications stretching far beyond its borders [15].
Taiwan’s reliance on undersea cables for global connectivity serves as both a strategic asset and a critical vulnerability. Approximately 99% of its international data traffic flows through these cables, underpinning the island's economic activities, governmental functions, and military operations [10][11]. While these cables facilitate seamless global communication, they also present potential entry points for sophisticated cyberattacks targeting network management systems, compromising data integrity, and threatening secure communication channels [9]. Given Taiwan’s pivotal role in the global technology supply chain and its strategic position in U.S.-China tensions, understanding these cyber threats is imperative.
The Cyber Threat Landscape
The cybersecurity threats to Taiwan’s undersea cables encompass a range of attack vectors that exploit both digital and physical vulnerabilities. While instances of physical sabotage, such as the recent suspected cable cuts near Keelung Harbor by Chinese vessels, have garnered significant attention [2][5][6], the less visible but equally dangerous cyber threats include sophisticated hacking campaigns aimed at undermining the integrity, confidentiality, and availability of data transmitted through these cables.
The network management systems and critical infrastructure associated with undersea cables, such as cable landing stations and operational control networks, represent significant cyber risks. These systems are responsible for monitoring and managing data flows, making them prime targets for cyber adversaries seeking to disrupt services, conduct espionage, or manipulate critical data [1][7]. Once compromised, attackers can gain persistent access, enabling them to intercept, reroute, or degrade communication traffic, often without immediate detection [3].
Moreover, Taiwan’s undersea cables are vulnerable to sophisticated supply chain attacks. These can occur during the manufacturing of cable components, installation of hardware, or software updates in network infrastructure. Notably, incidents involving suspicious activities by foreign vessels near Taiwan’s cable routes have heightened concerns about covert operations aimed at compromising both physical and cyber elements of these networks [8]. State-sponsored actors with advanced capabilities, like China’s PLA Information Support Force, have demonstrated interest in exploiting such vectors for cyber espionage. This group, and others, aim to utilize tactics such as compromising third-party vendors, infiltrating supply chains, and deploying advanced persistent threats (APTs) to maintain covert access to critical infrastructure systems, which can enable long-term surveillance, data exfiltration, and strategic disruption capabilities [12].
As Taiwan’s undersea cables are integrated into a vast global network, systemic risks extend beyond national borders. A breach in Taiwan’s network could trigger cascading effects, potentially disrupting international data flows and impacting critical sectors worldwide [9]. The interconnectedness of these systems amplifies vulnerabilities, as cyberattacks on key structural nodes can propagate through global communication infrastructures, as demonstrated in the Svalbard Undersea Cable System case [7], where deliberate disruptions to the cable in 2022 highlighted how even isolated incidents in remote regions can cause significant communication blackouts and expose vulnerabilities in monitoring and rapid response capabilities. This interconnected vulnerability is further supported by analyses [13], which emphasize how the strategic targeting of undersea cables could serve as a linchpin in hybrid warfare strategies, allowing state actors to exert geopolitical pressure without engaging in direct military confrontation.
Additionally, as reflected in the table above, there is a diverse range of cyber vulnerabilities facing Taiwan’s undersea cable infrastructure, primarily how threats go further than simple data interception to include traffic manipulation, service degradation, and exploitation during routine maintenance. It illustrates how both state and non-state actors can target various points within the cable ecosystem, leveraging access points to fragment or compromise critical communications. This layered threat landscape underscores the complexity of defending undersea cables in a digital era where physical security measures alone are insufficient.
Legal Dimensions of Cybersecurity Threats
Legal frameworks are essential for shaping Taiwan's strategic response to the evolving threats against its undersea cable infrastructure. While international maritime law, such as the United Nations Convention on the Law of the Sea (UNCLOS), traditionally focuses on the protection of physical maritime assets, its scope is increasingly being interpreted to cover cybersecurity threats due to the dual-use nature of undersea cables for both civilian and military communications [4]. This shift underscores the need for legal interpretations that address not just the physical integrity of cables but also the protection of data transmitted through them, particularly in the context of state-sponsored cyber operations.
Taiwan’s efforts to mitigate these threats have focused on enhancing technological resilience and improving operational protocols. The Ministry of Digital Affairs (MODA) has implemented advanced monitoring systems to detect data flow anomalies, reinforced the physical security of cable landing stations, and strengthened coordination among key stakeholders for incident response [14]. Despite these measures, significant challenges remain in real-time threat detection, cross-border cooperation in cyber incident management, and the establishment of legal frameworks tailored to address cybersecurity threats within maritime environments [4].
Policy Recommendations
To address these multifaceted threats, Taiwan must adopt a comprehensive strategy that integrates undersea cable security into its national defense and cybersecurity frameworks. The following recommendations outline key actions Taiwan should consider:
Integrate Undersea Cable Security into National Cybersecurity Strategy: Taiwan should formally incorporate the security of its undersea cables into its National Cyber Security Program. This integration would ensure these vital infrastructures are recognized as critical digital assets, on par with governmental and military networks. Policies should mandate regular vulnerability assessments, stringent access controls, and the development of specialized response protocols to address both physical and cyber threats targeting cable landing stations and network management systems [3][7][10].
Establish a Cyber-Kinetic Threat Fusion Center: Inspired by the U.S. National Cybersecurity and Communications Integration Center (NCCIC), Taiwan should establish a fusion center within the Administration for Cyber Security under the Ministry of Digital Affairs (MODA), dedicated to aggregating data from maritime surveillance, cybersecurity monitoring, and intelligence agencies. This would enable real-time threat detection and coordinated responses to hybrid threats involving both cyber intrusions and physical sabotage [1][12][13].
Invest in Advanced Encryption Technologies: As adversaries develop more sophisticated means to intercept and manipulate data, Taiwan must prioritize investments in quantum-resistant algorithms to future-proof its data transmissions. Collaborative research initiatives with global tech leaders and academic institutions can accelerate the deployment of cutting-edge cryptographic solutions [9][12]. Taiwan can immediately invest in upgrading the encryption protocols used in its cable landing stations and core network infrastructures by adopting quantum key distribution (QKD) technology. Partnering with existing global quantum technology firms, such as Toshiba, and integrating QKD into current telecommunication infrastructure would enhance data security without requiring an overhaul of the entire network, making it both realistic and scalable.
Diversify Communication Infrastructure: To mitigate risks associated with cable disruptions, Taiwan should diversify its communication infrastructure. Expanding satellite-based internet services through partnerships with providers like OneWeb can provide redundancy for critical government and commercial operations. Additionally, investing in domestic satellite capabilities will ensure strategic autonomy and reduce reliance on foreign technology during crises [8][14].
Foster International Collaboration: Taiwan must strengthen its partnerships with organizations like the Maritime Cybersecurity Information Sharing and Analysis Center (ISAC) to benefit from shared threat intelligence, coordinated incident response strategies, and best practices in undersea cable security. Bilateral agreements with like-minded nations can also facilitate joint cybersecurity exercises and capacity-building initiatives [6][15].
Strengthen Public-Private Partnerships: Given that much of Taiwan’s undersea cable infrastructure is managed by private entities, fostering robust public-private partnerships is vital. The government should create platforms for regular information exchange, joint risk assessments, and collaborative incident response planning with organizations like Chunghwa Telecom and CyCraft. Encouraging private sector participation, with organizations like in national security exercises will ensure that both public and private stakeholders are prepared to handle complex, multi-faceted threats [11].
1. Boschetti, Nicolò, & Gregory Falco. Underwater Cyber Warfare: Submarine Communications Cables Architecture and Cybersecurity Analysis. Cornell University, 2025.
2. Brock, Joe. Reuters - U.S. and China Wage War Beneath the Waves: Over Internet Cables. Reuters, 2024.
3. Bueger, Christian, Tobias Liebetrau, & Jonas Franken. Security Threats to Undersea Communications Cables and Infrastructure – Consequences for the EU. European Parliament, 2024.
4. Davenport, Tara. Submarine Cables, Cybersecurity, and International Law: An Intersectional Analysis. Catholic University Journal of Law and Technology, 2015.
5. Fang, Wei-li, & Jake Chung. Chinese Ship Cuts Cable Near Keelung Harbor. Taipei Times, 2023.
6. Hioe, Brian. Another Severed Submarine Cable Raises Alarm in Taiwan. The Diplomat, 2023.
7. Huang, Kenny, Charles Mok, & Christy Yachi Chiang. Protecting Taiwan's Undersea Cables is a Regional Security Imperative. Nikkei Asia, 2023.
8. Kan, Michael. Taiwan Suspects Chinese Ship Sabotaged Undersea Internet Cable. PC Magazine, 2023.
9. Kuszynski, Sarah & Ginny Hamilton Barns. Geopolitics of Undersea Cables: Underappreciated and Under Threat. London Politica, 2022.
10. Mok, Charles, & Kenny Huang. Strengthening Taiwan's Critical Digital Lifeline: An Analysis of Taiwan's Undersea Cable Network Resilience. 2023.
11. Pan, Yijing, & Yang Lanxuan. Submarine Cable Security Crisis 3: Experts Call Submarine Cables Taiwan’s “Digital Lifeline”. Central News Agency (CNA), 2023.
12. Recorded Future. The Escalating Global Risk Environment for Submarine Cables. 2023.
13. Runde, Daniel, Erin Murphy, & Thomas Bryja. Safeguarding Subsea Cables: Protecting Cyber Infrastructure Amid Great Power Competition. CSIS, 2024.
14. Response of Ministry of Digital Affairs to Chunghwa Telecom's Subsea Cable Disruption on January 3, 2025. Ministry of Digital Affairs, 2025.
15. Sherman, Justin. Cyber-defense Across the Ocean Floor: The Geopolitics of Submarine Cable Security. Atlantic Council, 2024.
CyberSec Taiwan
About CyberSec Taiwan
Your source for the latest news and analysis on Taiwan-centric cybersecurity.
The CyberSec Taiwan Substack account is not affiliated with iThome or its annual CYBERSEC conference in Taiwan.