The Invisible Frontline of National Security Governance

Editor’s Note: Taiwan is a regular victim of Chinese gray-zone attacks that seek to undermine societal cohesion and make the government more pliable. Taiwan, however, is far from alone; other democracies face similar challenges. Judge KaiChieh Hsu argues that China is conducting gray-zone campaigns that operate below the threshold of criminal prosecution, exploiting openness through dispersed networks, social ties, and incremental influence rather than traditional espionage. He contends that democracies therefore need new ways to identify and counter authoritarian influence before it becomes prosecutable conduct.

Daniel Byman

***

The central national security challenge facing democracies confronting authoritarian interference is how to respond to infiltration that is eroding institutional resilience but has not yet crossed the threshold of criminal indictment. Taiwan has experienced the transformation of foreign interference operations in particularly concentrated ways. Cross-strait exchanges have created pathways through which influence networks, economic dependencies, and political leverage became embedded within Taiwan’s open society, while the legal tools designed to detect and respond to such risks failed to evolve at the same pace. Taiwan, and other open societies being targeted by influence operations, need to develop a more holistic approach to recognizing and addressing the national security risks of infiltration that occurs in a legal gray zone.

A Challenge That Begins Before the Law Can Act

At first glance, Taiwan’s national security enforcement trends appear reassuring. The number of prosecutions on foreign interference charges have risen in recent years, increasing from cases targeting 29 individuals in 2020 to 168 in 2024 and 101 in 2025. These increases reflect several structural developments, including the post-pandemic resumption of cross-border interactions, enhanced enforcement following amendments to Taiwan’s Anti-Infiltration Act, and intensified scrutiny during the 2024 election cycle.

Yet prosecution figures tell only part of the story. Official data show that non-indictment dispositions also rose sharply, from 30 individuals in 2020 to as many as 380 in 2024, before falling to 99 in 2025. In proportional terms, from 2016 to 2023, roughly 40 to 50 percent of investigated individuals were indicted; since 2024, that share has fallen to around 30 percent. Conviction rates remain relatively high for cases that reach trial, but they too have come under pressure, declining from roughly 80 percent to closer to 70 percent in recent years.

This pattern suggests that Taiwan’s enforcement pipeline is absorbing a broader range of suspected infiltration or interference activity, including conduct that authorities can detect as risky but cannot always translate into criminal charges. The declining rates do not primarily reflect prosecutorial weakness or judicial leniency. Instead, they reveal a deeper structural mismatch: Evolving threats are increasingly outpacing the legal toolkit designed to address them. Traditional criminal-law tools are no longer well-suited to contain the gray-zone forms of infiltration that the Chinese Communist Party (CCP) now employs. The growing complexity of some proceedings, including cases involving larger numbers of defendants, reinforces this point: Detectable CCP-linked influence activity is becoming more networked, while much of the surrounding conduct remains too dispersed, low intensity, or legally ambiguous to fit traditional criminal categories.

These risks are visible as patterns but not always provable as crimes. They may corrode trust, shape political behavior, and create strategic leverage without satisfying the evidentiary standards necessary to indict and convict individuals involved in undermining Taiwan’s democratic institutions and autonomous decision-making. Authoritarian influence often accumulates in the pre-criminal space before it becomes legally cognizable as indictable conduct.

The “Thousand Grains of Sand” Problem

Taiwan’s experience shows that in gray-zone competition, the most important national security failures often occur not inside the courtroom but before a matter can ever be converted into a justiciable case. The CCP’s approach helps explain why. For years, this pattern has at times been described in U.S. intelligence discourse through the metaphor of “a thousand grains of sand.” If tasked with the goal of removing a bucket of sand from an island, a Soviet-style intelligence service might send a trained agent to steal it in one covert act. The CCP-style approach, by contrast, would direct many individuals to enter lawfully, each carrying away only a few grains at a time, until the total accumulated effect became strategically significant.

Each individual grain, taken alone, may not look like a prosecutable offense. A request for a low-sensitivity internal document, a subsidized trip, a business relationship structured through offshore ownership, a social connection cultivated over time, a vague political message framed as “peace,” or an intermediary who never gives a direct order may each fall short of criminal liability. But when aggregated over time, especially when organized, funded, or directed by a foreign hostile source, these fragments can create what Taiwan’s Supreme Court has described as a “systemic organizational risk.” Public trust in democratic institutions and national security decision-making erodes, local dependence on CCP-linked funding or access grows, institutional vulnerabilities are exposed, loyalties are tested, and influence relationships within democratic systems are normalized.

Two structural shifts now define how infiltration operates.

First, infiltration is no longer defined only by classic espionage aimed at high-value classified information. Low-value or publicly adjacent information can also serve as a gateway: Military meal schedules, internal rosters, routine technical materials, or seemingly trivial operational details can be used to establish contact, test compliance, and measure vulnerability. The point is not always the intrinsic value of the information itself. Often, the point is to build a relationship, test receptivity, and open a path toward more consequential forms of access.

Second, infiltration has moved from discrete incidents to networked ecosystems. Influence is increasingly exercised through loose but linkable networks rather than through single command chains. Personal ties, community organizations, alumni groups, local associations, religious channels, and commercial intermediaries can all accelerate trust formation between actors who would otherwise remain unrelated. The strategic effect depends on the network remaining sufficiently fragmented that each individual act appears legal, deniable, or too minor to trigger a coercive state response.

In this environment, infiltration is designed to not violate the law, remaining just within legal bounds.

Legal Fatigue and the Limits of National Security Governance

Criminal law is designed to address identifiable acts that meet defined evidentiary thresholds. But gray-zone infiltration operates through ambiguity, fragmentation, and accumulation, often without a clear moment at which conduct becomes unambiguously illegal. 

In Taiwan, many national security risks now operate on a spectrum of legality. Toward the more permissible end are legally protected forms of contact and exchange that may nonetheless function as vehicles for united front work or influence cultivation. In the middle are inducements, cognitive warfare, and relationship-building mechanisms that can spread incrementally through social and institutional ties to shape perceptions, loyalties, and decision-making without clearly violating criminal law. Only at the extreme end of the spectrum do matters become recognizable criminal conduct: espionage, recruitment into hostile organizations, or unlawful disclosure of protected information.

Criminal justice systems are effective at addressing that extreme end, but much of the strategic impact occurs elsewhere in the spectrum. This dynamic produces what can be described as legal fatigue, a condition in which institutions continue to function procedurally yet systematically lose the capacity to perceive and respond to aggregated risk. As threats are broken down into components too small to trigger decisive legal action, institutions may continue to process cases one by one while steadily losing sight of the broader pattern of infiltration. Democracies may preserve the rule of law in individual prosecutions while losing strategic ground in the aggregate.

Reframing the Frontline of National Security Governance

Taiwan’s experience suggests that democratic resilience requires a broader architecture of risk recognition that can address threats that do not violate the law. For society, this means building a more mature public framework for identifying infiltration risk. Greater transparency regarding influence operations, funding channels, and patterns of external involvement is essential. So is earlier risk recognition across the sectors where gray-zone influence actually travels: technology, education, local politics, veterans’ systems, civic organizations, religious networks, and commercial exchange.

For the government, the challenge is equally sharp. Personnel inside the formal state apparatus are typically subject to stricter controls, background checks, and institutional oversight. But other people are also valuable targets. Legislative aides, contractors, lawyers handling sensitive matters, outside consultants, private firms in defense procurement, and employees in strategic technology sectors may all gain access to information or influence channels without fitting neatly into legacy state-centered regulatory models.

Like Taiwan, the United States, Japan, and other open societies must learn to identify gray-zone threats in peacetime rather than waiting for wartime manifestations. Intelligence, administrative, and judicial actors must develop better mechanisms for translating information across institutional boundaries without collapsing the distinction between them. Democratic societies must distinguish more clearly between legitimate pluralism and authoritarian exploitation of openness. Legal systems must develop more front-end tools for managing risk before it reaches the level of indictable crime. And the public itself must be equipped with basic literacy about influence, infiltration, and the strategic uses of ambiguity.

Taiwan should not be seen merely as a target of CCP pressure but also understood as an early warning system. Taiwan reveals where democratic legal systems begin to lose sight of risk—not because judges fail, prosecutors are indifferent, or the rule of law is too weak, but because the threat has adapted to remain just beyond the reach of institutions designed for a different era.

When a democracy can see danger only after the crime is complete, it may preserve the rule of law in individual cases while bleeding strategically across the whole system. The real frontline, then, is not inside the courtroom. It lies in the space before a case ever becomes a case, where democracies either recognize risk early or confront its consequences too late.