Cyberattacks originating in China that targeted Taiwan’s critical energy infrastructure increased 10-fold last year, the National Security Bureau said on Sunday last week, underscoring the growing cyberthreat facing the nation’s essential services.
China’s cyberforces attempted an average of 2.63 million intrusions per day against Taiwan’s critical infrastructure, with forays into the energy sector rising 1,000 percent from 2024, and those targeting emergency rescue services and hospitals up 54 percent, the bureau said in a report.
It identified four primary tactics: exploitation of hardware and software vulnerabilities, distributed denial-of-service attacks, social engineering and supply chain infiltration. Chinese hackers have exploited weaknesses in information and communications technology equipment produced by international suppliers or incorporated through government procurement joint supply contracts, vulnerabilities that often remain undetected until systems are fully deployed.
Social engineering remains a particularly effective tactic. Hackers frequently pose as business contacts or trusted partners, sending phishing e-mails designed to trick targets into clicking malicious links or opening infected attachments. More sophisticated operations involve coercing or recruiting people with legitimate system access by exploiting financial vulnerabilities or personal secrets.
To counter the threats, the bureau said that it has held information security dialogues and technical conferences with counterparts in more than 30 countries, while continuing to work closely with international partners to improve threat intelligence sharing and early warning capabilities.
Given what is known about the methods, many attacks could be mitigated through relatively straightforward defense measures. Mandatory cybersecurity training would help employees recognize social engineering attempts, while confidential reporting mechanisms can allow those facing coercion to seek help without fear of reprisal. Risk can also be reduced through greater compartmentalization of systems and data, limiting access privileges so that breaches have minimal effect.
Addressing hardware and software vulnerabilities is more challenging. Facilities designated as part of Taiwan’s critical infrastructure should be required to register their hardware and information systems with the National Institute of Cyber Security, which would enable authorities to track security updates and issue warnings when equipment must be patched, isolated or removed.
Questions are often asked about why hospitals and clinics need to be connected to the Internet given the cyberrisks involved. However, modern healthcare depends on digital connectivity. Medical imaging is frequently sent to offsite specialists for diagnosis and patients commonly receive care across multiple facilities that must share records in real time. Disconnecting hospitals from the Internet would delay treatment and increase the risk of medical errors.
Moreover, keeping hospitals offline would not guarantee security. Modern medical equipment requires regular software updates and can be compromised regardless of how updates are delivered. Many diagnostic systems rely on artificial intelligence, which is typically processed offsite, while telemedicine has become essential for patients in remote or underserved areas. Hospitals also depend on online systems for ordering medicines and supplies, managing blood banks and organ transplant logistics, and handling billing, insurance and regulatory compliance.
Despite the constraints, healthcare institutions could significantly reduce risk through network segmentation, separating clinical devices from administrative and Internet-facing systems. Strict access controls and zero-trust architecture — under which no device or user is automatically trusted — can improve defenses, alongside limiting Internet access, whitelisting vendor connections and implementing one-way data flows where feasible.
Taiwan faces an unusually high volume of cyberattacks compared with other developed economies, but it provides an opportunity to properly test defensive technologies and train people to be aware of the risks. The government should deepen international cooperation by inviting foreign experts to study Chinese cyberoperations firsthand and jointly develop countermeasures.
While cyberthreats continue to escalate, defensive technologies are advancing in parallel and public awareness of malicious activity is improving. Taiwan’s precarious geopolitical position makes it a frequent target, but it also presents a unique opportunity to be a global leader in cybersecurity. To do so, the government must continue investing in workforce training, supply chain security and international collaboration to safeguard the systems that underpin modern society.