Defending Taiwan's Drones
The Impact of Cyber Threats on Military Readiness and Strategy
Overview
Taiwan is navigating a challenging geopolitical landscape marked by increasing tensions with China, particularly over military capabilities and technological advancements. In recent years, Taiwan has significantly expanded its military investment in drone technology to bolster its deterrence capabilities against potential threats. A key part of this strategy is a $164 million deal with the United States to acquire nearly 1,000 drones, including the advanced Switchblade 300 and Altius 600 MV models [1]. While these acquisitions enhance Taiwan's asymmetric warfare capabilities, they also open up new avenues for cyber threats that could undermine national security.
As Taiwan’s reliance on drone technology grows, the associated risks from cyberattacks, particularly from state-sponsored actors, are becoming more pronounced. Successful cyberattacks targeting drone manufacturers could lead to the theft of sensitive information, disrupt critical operations, and weaken Taiwan’s military preparedness.
This article examines the emerging cyber threats facing Taiwan’s drone industry, evaluates the current cybersecurity measures in place, and suggests further actions Taiwan can take to mitigate these risks.
Analysis
The Shift Towards Drone Technology
Taiwan's pivot toward drone technology aligns with its broader defense strategy to counterbalance China's military advancements. The recent acquisition of 1,000 drones underscores Taiwan's commitment to building an asymmetrical defense posture, where speed, precision, and adaptability are key. The Switchblade 300, designed for rapid deployment and precision strikes, and the Altius 600 MV, built for anti-armor engagements, are crucial components of this strategy [1] [2].
In addition to these acquisitions, Taiwan's defense budget for 2024 earmarks approximately $17.4 billion for military enhancements, with a significant portion allocated to drone development [3]. As of mid-2024, Taiwan has over 40,000 registered drones and more than 20,000 certified operators [4]. This sector is growing along two key dimensions: larger drones with extended operational ranges and smaller drones with advanced precision capabilities [5]. To keep pace with this growth and address the security risks involved, the government plans to implement comprehensive regulations by 2027. These regulations aim to ensure that all drones meet stringent cybersecurity requirements [6] [7].
As indicated by this rapid investment, drones are becoming an integral part of Taiwan’s comprehensive military strategy. They not only provide operational advantages but are essential in defending against China’s growing military presence in the region. According to a report by the Center for a New American Security, drones are likely to play a crucial role in future conflicts, including potential swarms of drones defending Taiwan against Chinese aggression [12]. This growing reliance on drones highlights the importance of securing this technology from both physical and cyber threats.
The Emerging Cyber Threats
As Taiwan’s drone sector expands, it becomes an increasingly attractive target for cyber adversaries. The TIDRONE threat group, linked to Chinese-speaking cyber actors, has been particularly active in targeting military-related industries, especially drone manufacturers [8] [9]. Since early 2024, TIDRONE has methodically focused on Taiwan’s military supply chain, using advanced techniques to steal sensitive data and compromise critical infrastructure [10] [11].
TIDRONE’s activities reflect a deeper level of espionage, which is aimed at acquiring cutting-edge technological knowledge to enhance military capabilities. This aligns with China’s broader goals of bolstering its defense posture while weakening its adversaries. The increasing frequency of cyber intrusions highlights the dual challenge Taiwan faces: advancing its military capabilities while simultaneously safeguarding those very advancements from sophisticated cyber threats.
TIDRONE’s Advanced Malware and Techniques
TIDRONE employs a variety of sophisticated malware tools to achieve its objectives. For instance, the malware CXCLNT allows attackers to upload and download files, exfiltrate sensitive data, and erase traces of their activities, making it a versatile instrument for cyber intrusions [9]. Additionally, CLNTEND, a recently identified remote access tool (RAT), supports multiple network protocols, complicating detection efforts and enabling TIDRONE to operate undetected within compromised environments [10].
Typically, TIDRONE’s attack patterns begin with infiltrating target systems via commonly used software, such as enterprise resource planning (ERP) applications or remote desktop tools. Once inside, the malware enables lateral movement across networks, allowing attackers to escalate their access privileges. Notably, TIDRONE has been known to replace legitimate executables with malicious versions, making it difficult for traditional security measures to detect these breaches [9] [11].
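Because a swapped executable keeps its original path and name, one way defenders catch it is by comparing content hashes against a manifest recorded from a known-good install. The sketch below is an added illustration, not code from this article or the cited reports; the directory layout, file names and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path, patterns=("*.exe", "*.dll")) -> dict:
    """Record relative path -> SHA-256 for every binary under root."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for pat in patterns
        for p in sorted(root.rglob(pat))
    }

def compare(baseline: dict, current: dict) -> dict:
    """Classify drift between a trusted baseline and the current state."""
    return {
        # Same path, different content: the in-place replacement case.
        "replaced": sorted(k for k in baseline
                           if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }

def demo() -> dict:
    """Constructed scenario: one binary swapped in place, one new DLL dropped."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "erp").mkdir()
        (root / "erp" / "client.exe").write_bytes(b"vendor build 1.0")
        (root / "erp" / "update.exe").write_bytes(b"vendor updater 1.0")
        baseline = build_manifest(root)  # taken from a known-good install
        (root / "erp" / "update.exe").write_bytes(b"not the vendor file")
        (root / "erp" / "helper.dll").write_bytes(b"unexpected library")
        return compare(baseline, build_manifest(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline only helps if it is stored where an intruder on the monitored host cannot rewrite it, and legitimate vendor updates will also appear as "replaced" until the manifest is refreshed.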
Credential Harvesting and User Account Control Bypass
A key component of TIDRONE’s strategy is its focus on credential harvesting and user account control (UAC) bypass techniques. These methods allow the group to maintain persistent access to compromised networks while avoiding detection by standard security measures. By bypassing UAC prompts, TIDRONE can execute privileged operations without triggering alarms [9] [10]. This capability significantly increases the risk of data exfiltration and other malicious activities.
Through credential harvesting, TIDRONE gains unauthorized access to sensitive systems, allowing attackers to move laterally within networks. The malware is designed to gather comprehensive victim information, including usernames, passwords, and system architecture, which can then be exploited in subsequent attacks [8]. These techniques highlight the urgent need for robust cybersecurity measures to address even minor vulnerabilities, as these can lead to significant breaches.
Impact on Taiwan’s Defense Posture
The implications of TIDRONE’s activities are far-reaching. Taiwan’s drone manufacturing sector plays a crucial role in the global defense supply chain, and any successful breach could lead to the theft of sensitive military data and intellectual property, threatening both national security and international alliances [10] [11]. Moreover, TIDRONE’s espionage efforts are likely aimed at enhancing Chinese military capabilities, further complicating Taiwan’s strategic position.
Compounding these challenges is the growing number of Chinese cyber operations targeting Taiwanese entities across sectors such as government and telecommunications. Reports from cybersecurity firms have noted a marked rise in attacks, with multiple high-profile incidents resulting in the theft of sensitive information from major Taiwanese organizations [12]. Recognizing the gravity of these threats, Taiwan's Ministry of National Defense has prioritized strengthening its cybersecurity infrastructure to safeguard against such incursions [9].
Current Cybersecurity Measures and Frameworks
In response to these escalating threats, Taiwan has rolled out a range of cybersecurity initiatives designed to bolster its defenses. Acknowledging the critical role of cybersecurity in national security, the Taiwanese government has integrated it into its wider defense strategy. This has led to the creation of a comprehensive regulatory framework emphasizing early threat detection and rapid incident response [10].
Central to these efforts is the National Institute of Cyber Security (NICS), which is tasked with conducting research, formulating policy recommendations, and providing support during cybersecurity incidents. To achieve its goals, it relies on Taiwan’s regulatory framework, anchored in the National Cyber Security Program (NCSP), which sets strategic goals in four-year phases. The sixth phase of its development plan (2021 to 2024) emphasizes proactive defense measures, early threat detection, and improvements in incident response capabilities [10]. Recent initiatives include mandatory cybersecurity training for public officials and regular drills to ensure preparedness across government agencies [9]. (The NCSP phase seven development plan (2025-2029) has yet to be published.)
Additionally, the Ministry of Digital Affairs is spearheading the development of drone-specific regulations, which will require all drones operating in Taiwan to comply with stringent cybersecurity standards [7]. Taiwan’s commitment to these measures is further reflected in its growing cybersecurity sector, which expanded by 11.9% from 2020 to 2021—well above the global average of 2.8% [9].
International Cooperation and Public Awareness
Recognizing that cyber threats often transcend national borders, Taiwan has also actively sought international partnerships to bolster its cybersecurity capabilities. Joint cyber exercises with allies such as the United States and Japan, like the Cyber Offensive and Defensive Exercises (CODE), focus on knowledge sharing and technical collaboration [10].
Taiwan is committed to raising public awareness about cybersecurity as well. Campaigns aimed at educating both citizens and organizations on potential threats and best practices help foster a culture of vigilance. The monthly "Cybersecurity Report," released by the Administration for Cyber Security, serves to inform stakeholders about the evolving threat landscape and promote ongoing awareness [9].
A Strategic Outlook
Taiwan stands at a critical juncture in its efforts to secure its military drone capabilities amid an evolving cyber threat landscape. While significant strides have been made in enhancing cybersecurity measures, the need for continuous adaptation and vigilance remains paramount. As Taiwan's drone industry expands, it must balance military advancements with robust cybersecurity strategies to safeguard against espionage, sabotage, and disruption.
International cooperation, combined with strong internal regulations and public awareness campaigns, will be essential in bolstering Taiwan's defenses. By strengthening its cybersecurity infrastructure and fostering global partnerships, Taiwan can better protect itself from the sophisticated cyber threats that increasingly challenge its military readiness [9].
—
1. WION. “Taiwan to Acquire Nearly 1,000 Killer Drones from the U.S.” Video transcript, October 2024.
2. Trend Micro. "TIDRONE Targets Military and Satellite Industries in Taiwan." September 6, 2024.
3. Infosecurity Magazine. "China-Linked Threat Actors Target Taiwan Military Industry." 2024.
4. SecurityWeek. "China-Linked Hackers Target Drone Makers." September 10, 2024.
5. Dark Reading. "'TIDrone' Cyberattackers Target Taiwan's Drone Manufacturers." September 8, 2024.
6. RTI Radio Taiwan International. "Taiwan to Apply Comprehensive Drone Regulations by 2027." July 31, 2024.
7. Taiwan News. "Taiwan to Regulate Drone Sector by End of 2027." July 31, 2024.
8. TechRadar. "Persistent Malware WordDrone Exploits DLL Side-Loading to Compromise Taiwan's Drone Industry." October 5, 2024.
9. Institute for National Defense and Security Research. "Latest News." August 2024.
10. Recorded Future. "Taiwan’s Cybersecurity Landscape: Emerging Threats and Responses." 2024.
11. Cyber Security Review. "Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations." June 24.
12. Pettyjohn, Stacie, Hannah Dennis, and Molly Campbell. "Swarms Over the Strait: Drone Warfare in a Future Fight to Defend Taiwan." Center for a New American Security, June 2024.
CyberSec Taiwan
Disclaimer: The CyberSec Taiwan Substack account is not affiliated with iThome or its annual CYBERSEC conference in Taiwan.