On Tuesday last week at 7:30pm, Cloudflare, the world’s largest Internet infrastructure provider offering Web security and traffic acceleration services, had a major crash.
The outage brought down critical online services worldwide, including several essential public and government Web sites in Taiwan, for 45 minutes. The incident was no minor network glitch — it was a serious reminder of digital national security concerns, a global issue Taiwan must be especially alert of.
Having long been a target of Chinese cyberattacks, Taiwan’s dependence on Cloudflare is very risky. The risks include distributed denial-of-service attacks, in which targets are flooded with junk traffic from multiple sources to paralyze the Web site.
Cloudflare provides a shield against such attacks, so it is used by many government agencies, social media platforms, payment service providers, e-commerce sites and artificial intelligence platforms in Taiwan as a first line of defense.
As a result, Taiwan’s Internet security increasingly relies on a single company. Cloudflare also provides an entire ecosystem of Web infrastructure on which Taiwan depends. These include content delivery networks (CDN) for faster Web performance, web application firewalls (WAF) to protect against cyberattacks and malicious traffic, domain name system (DNS) services to translate Web site addresses into IP addresses, reverse proxy servers which sit between a Web site and its visitors to filter user requests, and edge points-of-presence (PoP) where network access points are hosted at physical locations closer to end-users.
A malfunction of any of these services is enough to shut down a significant number of Taiwanese Web sites. Last week’s crash made it clear that Taiwan cannot afford for Cloudflare to fail. This represents a serious geopolitical risk. Cloudflare houses a major edge PoP in Taipei for processing local Web traffic.
Lying well within China’s potential range of attack, if it were targeted or disabled in a conflict, there would be no need to attack Taiwanese servers directly. Taking out that node alone could paralyze government Web sites, payment application programming interfaces (APIs), public service portals, news platforms, and medical and transport information systems simultaneously.
Network breakages are the fastest, most cost-effective and efficient weapons of information warfare. Yet, local government, central ministries and public service platforms all rely on Cloudflare’s firewall, CDN and Reverse Proxy services for speed and security — these act to screen and filter incoming Web traffic and user requests, distinguishing between advertisers, potential cyberattacks and ordinary users.
If this frontline guardrail falls, Taiwan’s government Web sites go down with it. To prevent the nation from becoming a victim of its overdependency, there are three reforms it could apply to level up digital national security.
First, government and critical infrastructure must adopt a multi-vendor architecture approach to Web operations. There must be at least two functional sets of CDN, DNS, WAF and edge PoP systems that can switch over automatically in the event of an outage. This would mean that if Cloudflare fails, traffic is rerouted to the “failover” system.
Second, Taiwan must develop national CDN and DNS systems that do not rely on private companies or foreign servers for government and public service Web infrastructure. Critical information systems must be localized to insulate against the effects of network failures overseas. Estonia and Israel already have such systems in place. Taiwan cannot afford to fall further behind.
Third, a wartime digital resilience plan that includes interregional backups of government information systems, such as mirror Web sites hosted offshore or overseas, must be established. Essential APIs for power, healthcare and transportation should be decoupled, and emergency broadcast channels must be established for when the Internet is down.
Each of these are essential measures of modern national security, and in a crisis, lives would depend on it.
The Cloudflare crash was a test case. Next time, the outage might not be due to a system error, but a cyberattack. It might not last just 45 minutes, but four or five hours.
In the face of rising authoritarianism, great powers could turn to militarization, but small countries must rely on resilience. Taiwan must reclaim control over its critical Web infrastructure and ensure that, in the event of future shocks, it cannot be so easily toppled.
Hsiao Hsi-huei is a freelance writer.
Translated by Gilda Knox Streader
The diplomatic dispute between China and Japan over Japanese Prime Minister Sanae Takaichi’s comments in the Japanese Diet continues to escalate. In a letter to UN Secretary-General Antonio Guterres, China’s UN Ambassador Fu Cong (傅聰) wrote that, “if Japan dares to attempt an armed intervention in the cross-Strait situation, it would be an act of aggression.” There was no indication that Fu was aware of the irony implicit in the complaint. Until this point, Beijing had limited its remonstrations to diplomatic summonses and weaponization of economic levers, such as banning Japanese seafood imports, discouraging Chinese from traveling to Japan or issuing
The diplomatic spat between China and Japan over comments Japanese Prime Minister Sanae Takaichi made on Nov. 7 continues to worsen. Beijing is angry about Takaichi’s remarks that military force used against Taiwan by the Chinese People’s Liberation Army (PLA) could constitute a “survival-threatening situation” necessitating the involvement of the Japanese Self-Defense Forces. Rather than trying to reduce tensions, Beijing is looking to leverage the situation to its advantage in action and rhetoric. On Saturday last week, four armed China Coast Guard vessels sailed around the Japanese-controlled Diaoyutai Islands (釣魚台), known to Japan as the Senkakus. On Friday, in what
On Nov. 8, newly elected Chinese Nationalist Party (KMT) Chairwoman Cheng Li-wun (鄭麗文) and Vice Chairman Chi Lin-len (季麟連) attended a memorial for White Terror era victims, during which convicted Chinese Communist Party (CCP) spies such as Wu Shi (吳石) were also honored. Cheng’s participation in the ceremony, which she said was part of her efforts to promote cross-strait reconciliation, has trapped herself and her party into the KMT’s dark past, and risks putting the party back on its old disastrous road. Wu, a lieutenant general who was the Ministry of National Defense’s deputy chief of the general staff, was recruited
The Food and Drug Administration (FDA) on Nov. 5 recalled more than 150,000 eggs found to contain three times the legal limit of the pesticide metabolite fipronil-sulfone. Nearly half of the 1,169 affected egg cartons, which had been distributed across 10 districts, had already been sold. Using the new traceability system, officials quickly urged the public to avoid consuming eggs with the traceability code “I47045,” while the remainder were successfully recalled. Changhua County’s Wenya Farm — the source of the tainted eggs — was fined NT$120,000, and the Ministry of Agriculture instructed the county’s Animal Disease Control Center to require that
RSS