The CCP could shut down at least as many things as a horde of amateur radio enthusiasts.
“That an amateur radio enthusiast could halt four trains raises concerns about the much more sophisticated threat that China’s cyber warfare apparatus poses,” says Domino Theory (May 9, 2026).
The student and amateur radio operator, a 23-year-old surnamed Lin, obtained configuration information for the high-speed rail’s radio communications system, called TETRA, and programmed his own radio equipment to imitate official signals. He bypassed seven security checks in the TETRA radio system, which reportedly had not had its encryption keys updated in the last 19 years. Police arrested Lin on April 28. This week, the Ministry of Transportation and Communications announced a one-month audit of rail communications.
Experts say the incident reflects deeper issues in Taiwan’s operational technology infrastructure, which runs physical systems like critical infrastructure….
Typically, organizations running critical infrastructure don’t upgrade their operational technology systems until necessary due to failure, said Felix Wu, dean of the College of Electrical Engineering and Computer Science at National Cheng Kung University. He noted that it can be difficult to assess the cyber readiness of Taiwan’s critical infrastructure because relevant information is closely guarded, so it remains unclear what measures have been implemented to bolster resilience and what has been effective. Often, weaknesses only become visible when an incident like the high-speed rail breach occurs.
Stopping the trains seems to have been possible thanks not so much to “a sophisticated cyberattack” as “weaknesses in physical device management and operational discipline.” Lin reportedly obtained configuration info necessary for the attack from somebody online. Once he had that, he could use commercially available tools to breach the rail system.
CYBERSEC insights
As Domino Theory notes, Taiwan is fending off (we hope) more than two million cyberattacks a day. What if some of those attacks have succeeded and, instead of announcing their presence by immediately causing trouble, are laying traps that can be tripped at will?
At a recent CYBERSEC conference in Taipei, a tech officer named Chuck Weissenborn “identified a new, China-linked cyberespionage group called Azurite that targets Taiwan and several other countries. Notably, Azurite seems to be focused on stealing the settings and behavior rules that underpin critical infrastructure. This is not espionage, but rather ‘preparation for an attack,’ Weissenborn said. ‘The only reason you need to collect some of the information they are collecting is if you intend to cause an attack.’ ”
Also at CYBERSEC, Ying-Dar Lin, president of the National Institute of Cyber Security, observed that if China attacks Taiwan, they may well “hit Taiwan’s critical infrastructure” at the same time. “Because doing so would plunge the society and government into chaos, leaving them with no time to take care of the situation in the Taiwan Strait.”
The amateur radio enthusiast Lin may be the best thing that could have happened to Taiwan’s high-speed rail system if, as a result of the embarrassing incident, the encryption keys are updated and other security measures hardened. Maybe the Republic of China needs many more such demonstrations—not all at once, though.