Taiwan, Maneuver Warfare, and the Industrialization of Cyber Conflict
Imagine a naval warship in the open ocean. Billions of dollars of strategic infrastructure. The enemy actively hunts to destroy it. Standard doctrine says: maximize your sensors, activate every radar system, exploit every technological advantage you own.
But maximum capability creates maximum signature.
Every active radar broadcasts: “high-value target here.”
So the ship turns off its advanced systems. Uses a commercial radar instead. From 100 miles away, it looks like a fishing trawler. The enemy hunting fleet sails past.
This is maneuver warfare, and its common truism holds: “Static targets die. Maneuverable targets survive.” We’ve neglected this fact in the world of cybersecurity.
I spent last week in Taipei discussing digital resilience with government officials, threat intelligence analysts, and critical infrastructure operators. The question everyone asked: How do we prepare infrastructure to survive when static targets become kinetic ones?
Ukraine already answered. In 2022, PrivatBank migrated 4 petabytes in 45 days with zero customer downtime while physical data centers came under attack. They maneuvered faster than adversaries could retarget.
That’s the standard.
After reflecting on my trip, I want to propose an updated version of the common trope: static targets die, obfuscated maneuverable targets survive.
The Architectural Paradox
The conversations in Taipei centered on four architectural tensions facing Taiwan’s digital infrastructure: cloud versus local, redundancy versus backup, peacetime priorities versus wartime priorities, high-tech solutions versus low-tech degradation paths.
Taiwan makes these decisions right now, with billions of dollars and national survival on the line.
The threat intelligence I reviewed during the trip revealed something unexpected. The threat landscape has undergone massive structural transformation. The tactics that defined cyber defense for the past 20 years are mid-collapse. The economics of offense are changing.
Defenders still play by old rules.
Four insights emerged that changed how I think about digital resilience: traditional threat intelligence is collapsing, attackers industrialized while defenders have remained artisanal, the failure of trust is breaking modern computing’s foundational assumption, and the sovereignty-connectivity paradox has no current solution at scale. Together, they explain why static defense fails and what maneuverability actually requires to succeed.
The Death of Traditional Threat Intelligence
Of 150 incidents tracked by Taiwan-based analysts in 2025, 149 used unique malware variants. One-time code, generated per target, with no signature reuse. This is signature obfuscation at industrial scale. Attackers blend. Malicious code masquerades as legitimate traffic. Command infrastructure hides inside AWS and Azure. Detection requires spotting behavioral patterns, not recognizing known signatures.
Signature-based detection is dying.
The real problem runs deeper than technology. The entire threat intelligence economy runs on IOC exchange. Government bulletins share hashes and IPs. Information Sharing and Analysis Centers distribute indicators. Vendors sell threat feeds. All of it assumes that “known bad” signatures have value.
If every attack uses unique code, IOCs become worthless. The currency of intelligence sharing collapses.
Defensive advantage shifts to whoever has the deepest behavioral baselines. You can’t detect “known bad” anymore. You detect “abnormal.” Abnormal requires knowing normal at massive scale, across years, for every asset type in every environment. This compounds over time. If you’ve monitored infrastructure for 10 years and retained the data, you can detect 0.01% deviations from established patterns. If you’ve monitored for 6 months, or your logs age out in 90 days, you can’t. New entrants can’t catch up because they lack historical telemetry. But neither can incumbents if they don’t have effective log retention and deep learning tools to create known good baselines.
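The shift from "known bad" to "abnormal" can be shown with a small added example (not part of the original post): a hash lookup misses a one-time variant, a per-asset baseline flags the same event, and an asset whose logs have aged out cannot be scored at all. The field names, thresholds, hostnames and telemetry are all constructed assumptions.

```python
# Added illustration: hash-IOC matching vs. a per-asset behavioral baseline.
# Every hash, hostname, field name and threshold here is constructed.
from statistics import median

KNOWN_BAD_HASHES = {"constructed-hash-from-an-old-bulletin"}  # sample IOC feed
MIN_HISTORY_DAYS = 30  # assumption: below this, an asset has no usable baseline
Z_CUTOFF = 6.0         # assumption: robust z-score treated as "abnormal"


def ioc_match(event):
    """Signature check: fires only on a hash that was seen and shared before."""
    return event["sha256"] in KNOWN_BAD_HASHES


def robust_z(history, value):
    """Distance of value from the history median, scaled by the MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # flat history guard
    return 0.6745 * (value - med) / mad


def baseline_verdict(history, event):
    """Classify one day's egress against that asset's own history."""
    if len(history) < MIN_HISTORY_DAYS:
        return "insufficient-history"
    z = robust_z(history, event["egress_mb"])
    return "abnormal" if abs(z) > Z_CUTOFF else "normal"


# Constructed telemetry: one year of daily egress (MB) from one host to a
# commercial cloud provider, varying between 40 and 50 MB.
YEAR_OF_HISTORY = [40 + (day * 7) % 11 for day in range(365)]

# Constructed event: a never-seen-before binary sends 900 MB to the same
# cloud provider the host talks to every day.
EVENT = {
    "host": "erp-01.example",
    "sha256": "constructed-one-time-variant",
    "dest": "storage.cloud-provider.example",
    "egress_mb": 900,
}

if __name__ == "__main__":
    print("IOC match:", ioc_match(EVENT))
    print("1 year of logs:", baseline_verdict(YEAR_OF_HISTORY, EVENT))
    print("14 days of logs:", baseline_verdict(YEAR_OF_HISTORY[-14:], EVENT))
```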
Taiwan doesn’t have a decade to build baseline data. Neither do most nations facing sophisticated threats. Borrowed baselines from trusted partners might provide the data moat that smaller nations need to defend themselves.
Japan’s telemetry from NTT’s operational data, US intelligence feeds from CISA and NSA partnerships, Ukraine’s conflict data from two years of active defense under kinetic attack—these become strategic assets for an effective defense posture.
If IOC-sharing frameworks lose effectiveness, what replaces them? How do allies coordinate defense when traditional intelligence currency has no value? I don’t have the answer. Neither does anyone I spoke with in Taipei. But the question demands an answer within 18 months, before the current frameworks become completely obsolete.
The Industrialization Gap
The Chinese threat ecosystem now includes over 250 companies providing specialized cyber capabilities. One company handles reconnaissance. Another handles weaponization. Another provides command infrastructure. Another handles exfiltration. Each firm perfects one discrete phase of the kill chain.
This represents industrialization. Attackers applied manufacturing doctrine to cyber operations. If each firm perfects one phase of the kill chain, the ecosystem can run 10x more campaigns than any single actor could manage alone. This mirrors Toyota’s production system, applied to nation-state hacking. Specialization creates scale, but it also creates obfuscation. When reconnaissance happens in one company, weaponization in another, and C2 in a third, attribution becomes nearly impossible. The kill chain fragments across organizational boundaries that defenders can’t see through.
Meanwhile, defense remains a cottage industry.
Every Security Operations Center builds custom playbooks more or less from scratch. Every vendor sells proprietary tools incompatible with competing platforms. Standardized defensive modules that enterprises can deploy at scale remain absent from the market. We’re still operating like bespoke tailors while attackers scaled like assembly lines.
The winners will be whoever creates composable, standardized defensive services that scale horizontally: the AWS of cyber defense. Think integrated defensive capacity as infrastructure, where adding capacity becomes operational rather than architectural.
This requires rethinking what we sell to the market. Companies require defensive capability that scales like cloud infrastructure scales. Increasing protection must become operational rather than architectural.
Taiwan’s small and medium enterprises face this gap acutely. They form the backbone of the economy. Many don’t have IT departments. Some don’t have IT administrators at all. They hire an engineer to set up email systems and hope for the best.
They can’t build sophisticated defenses. They can’t afford bespoke security consulting at $500 per hour. They need defense-as-infrastructure: something they can deploy without deep expertise, that scales to their size, that integrates with their existing operations without requiring wholesale replacement.
The threat ecosystem has already industrialized to exploit exactly this vulnerability. APT groups targeting Taiwan specifically hunt for these under-resourced organizations, knowing they represent soft entry points into supply chains that connect to larger, more valuable targets.
Should governments mandate defensive standardization the way they mandate standards for physical weapons systems? Can Taiwan create a “minimum viable defense” framework that SMEs can actually deploy without dedicated security teams? Who builds it? Who pays for it?
These questions have no answers yet. But they need answers soon.
The Failure of Trust
Supply chain attacks doubled in 2025 compared to 2024. Threat analysts call this “the failure of trust.” Supply chain attacks succeed through obfuscation. Malicious code hides inside trusted packages, riding legitimate update mechanisms into target networks. The compromise looks identical to normal operations until it’s too late. SolarWinds, 3CX, MOVEit—each succeeded because attackers masqueraded as trusted vendors.
Modern computing architecture operates on layers of assumed trustworthiness: chip manufacturers build clean silicon, operating system vendors ship secure code, cloud providers isolate your data, open-source maintainers patch vulnerabilities, security tool vendors protect rather than expose. Every layer assumes the layer below it functions as designed.
When one layer breaks, the entire stack collapses.
The trust model worked for decades because the number of critical vendors remained manageable and the attackers remained subscale. Large organizations like Intel, Microsoft, and Cisco had reputations to protect and security teams to defend them. You could audit them, negotiate contracts, verify their claims at least partially.
That model has died.
The digital ecosystem’s industrialization created hundreds of specialized vendors, each controlling a discrete piece of infrastructure. The attack surface exploded while the attackers industrialized. Every integration point became a trust boundary, every API call crossed organizational lines, and complex supply chains multiplied trust risk exponentially. This is precisely the complexity attackers began to exploit.
Small and medium enterprises globally, which form the backbone of every economy, lack resources to verify trustworthiness at scale. They can’t audit software supply chains, validate cloud security claims, or inspect hardware for compromises. They accept vendor assurances because they have no alternative.
This creates an impossible choice for critical infrastructure operators: build everything yourself, which becomes impossible at modern scale and speed, or accept external dependencies, which becomes unacceptable when trust fails.
Some organizations retreat to air-gapped fortresses. Others embrace transparency mechanisms like open-source code that anyone can audit, security clearances that verify operator loyalty, or operational frameworks that prove sovereignty through inspectable processes. These approaches help but can’t scale to cover every dependency in a modern technology stack.
The failure of trust explains why the sovereignty paradox exists (more on that in a moment). You can’t trust external dependencies when supply chain attacks double year over year. You can’t survive without external dependencies when innovation moves at cloud speed. The architectural question becomes: How do you build systems that remain verifiable even when composed of untrusted parts?
Trust becomes the scarcest resource in the market. Vendors who can prove trustworthiness through transparent operations, sovereign infrastructure, and aligned incentives gain advantage. Vendors who demand blind faith lose.
Taiwan faces this acutely, but every nation confronts the same reality.
Neither choice works for long.
The Sovereignty Paradox
Taiwan’s government officials kept returning to the same architectural tension during our discussions: We need cloud-scale compute for AI ambitions. We need sovereignty for survival. These requirements contradict each other.
If supply chain attacks doubled because “trust failed,” the logical response appears straightforward: air-gap everything. Cut external dependencies. Isolate critical systems. Build fortress infrastructure that can’t be penetrated from outside.
Air-gapped systems can’t access cloud AI. Can’t update at cloud speed. Can’t benefit from collective intelligence gathered across millions of endpoints. Can’t maneuver when threats materialize.
The four architectural questions Taiwan debates all collapse into one: How do we get cloud benefits without cloud dependencies?
This brings us back to the PrivatBank lesson. Controlling your signature matters more than building thicker walls. Bigger firewalls and more sophisticated intrusion prevention systems miss the point entirely.
True stealth operates at the infrastructure layer through obfuscation.
Can a banking system masquerade as gaming traffic? Can critical infrastructure hide inside commercial cloud noise? Can you migrate your signature faster than an adversary can retarget their attack infrastructure?
Ukraine proved you can maneuver at scale: 45 days to migrate, 4 petabytes of data, zero customer downtime. The question for Taiwan becomes: Can you pre-position for maneuver before crisis hits? Can systems be architected to stay always ready to migrate, rather than scrambling when missiles start falling?
This requires “connected but sovereign” infrastructure: cloud-scale compute with guaranteed operational isolation. The ability to federate when beneficial, survive independently when threatened. Japan’s Economic Security Promotion Act, passed in 2022 and enacted throughout 2023-2024, designated cloud infrastructure as critical to national survival precisely because AI sovereignty requires it.
The partnerships forming now between hyperscalers like Oracle and national carriers like NTT attempt to solve this paradox at scale. Sovereign cloud regions that provide AWS-level capabilities but operate under Japanese law, with Japanese security clearances required for operations teams, and guaranteed survivability if undersea cables get cut.
Whoever builds “always-ready maneuverability” as infrastructure wins this race. Disaster recovery plans assume you’ll have time to execute them. Backup systems restore last week’s data. Both approaches fail when you need continuous readiness to become a moving target.
The economic winners will be platforms that deliver cloud capabilities without cloud risk: distributed sovereign nodes that can optionally federate for performance but survive independently when isolated. The policy question becomes: Can allied nations create a “sovereign AI commons” where Japan, Taiwan, Australia, and others share model training capacity without dependency on any single nation?
I’m not sure that’s architecturally possible without accepting some level of US or China hyperscaler dominance. But someone needs to try building it anyway.
How the Four Threads Connect
These four insights intersect and reinforce each other in ways that make the challenge harder but the solution clearer.
IOC extinction means defense requires massive historical telemetry: data moats that take years to build. Smaller nations need partnerships to borrow baselines they can’t generate alone. But you can’t borrow from just anyone. You need trusted partners with aligned incentives and verifiable operations. When the currency of traditional intelligence exchange collapses, intelligence sharing transforms from technical exchange to strategic alliance.
Industrial offense means artisanal defense fails catastrophically. Defenders need composable, scalable infrastructure that deploys like cloud services. But industrialization created the supply chain attack surface. More vendors means more trust boundaries. More integration points means more places where trust can fail. The market gap becomes defense-as-infrastructure that scales and remains verifiable.
The failure of trust means you can’t accept external dependencies when supply chains become weaponized. You either build everything yourself (impossible) or accept the risk (unacceptable). This forces the architectural question: How do you compose systems from untrusted parts while maintaining verifiable security? The answer requires transparency, sovereignty, and operational proof rather than vendor assurances.
The sovereignty paradox means isolation kills the AI ambitions that drive economic survival in the 21st century. Nations need architectures that maneuver (cloud benefits without cloud dependencies). But maneuverability requires trusting your infrastructure enough to move critical assets at speed. If trust failed, you can’t maneuver. You freeze.
There is a pattern here. Attackers mastered obfuscation across every dimension. They obfuscate signatures (IOC extinction), obfuscate attribution (industrialization), obfuscate intent (supply chain), and obfuscate presence (cloud infrastructure). Defenders who rely on recognition rather than obfuscation lose.
The common solution: coordinated infrastructure that scales like industrial offense, obfuscates and maneuvers dynamically, maintains sovereign control through transparent and verifiable operations, and establishes trusted partnerships that enable intelligence sharing when traditional IOC exchange becomes obsolete.
PrivatBank survived the invasion and proved maneuverability at national scale. They demonstrated that critical infrastructure can move faster than adversaries can target it, even when physical data centers become kinetic targets under active bombardment. They survived because they changed their signature. Banking operations became indistinguishable from ordinary cloud traffic. Physical targets disappeared into virtual infrastructure. The adversary couldn’t retarget what they couldn’t recognize.
Ukraine had one advantage Taiwan currently lacks: urgency. They had to maneuver. Missiles and drones made the decision easy. There was no committee debate about cloud versus local or peacetime versus wartime priorities. Survival clarified everything.
Taiwan doesn’t have that forcing function yet. Neither does Japan. Neither do most nations facing sophisticated threats but not active conflict.
The question becomes whether we build maneuverability before the missiles fall, or scramble to build it during the crisis when architectural decisions that should take months must be made in hours.
The Question We Need to Answer
The conversations in Taipei revealed a gap between understanding and capability. Everyone understands the threat. Everyone sees the paradoxes. No one has the full solution yet.
We know static targets die. We know offense industrialized while defense stayed artisanal. We know trust failed across the entire technology supply chain. We know sovereignty and connectivity contradict each other under current architectures. We know IOC-based intelligence is collapsing as threat actors move to cloud infrastructure and one-time malware.
But who builds the infrastructure that resolves these tensions?
Who creates defense-as-infrastructure that scales horizontally while remaining verifiable? Who architects “connected but sovereign” systems that provide cloud capabilities without cloud dependencies? Who establishes trusted partnerships that replace IOC exchange when signatures become worthless? Who builds transparency and verification into infrastructure rather than demanding blind faith?
Taiwan’s architectural decisions over the next 18 months will answer these questions—for Taiwan certainly, but also for Japan, Australia, and every nation in the Indo-Pacific facing similar threat environments and similar paradoxes.
The bar sits at a specific height. Forty-five days. Four petabytes. Zero downtime.
That’s what maneuverability and obfuscation look like when national survival depends on it. You need to maneuver faster than adversaries can target you. You also need to become unrecognizable faster than adversaries can adapt their targeting.
The question is: Who gets there first?