Professional Documents
Culture Documents
JapansAchillesHeel:Cybersecurity|TheDiplomat
Excel
kintone.cybozu.com
Cyberisarelativelynewrealmofsecuritythatstatesacrosstheworldhavetocontendwith.
Fromdecidingwhatconstitutesanattacktowhatconstitutesaproportionateresponse,
manystatesarestillstrugglingtounderstandthisnewsphere.Suchissuesrequire
internationalcooperationtoestablishnewnorms,andinaparalleleffort,statesaredoingas
muchastheycanunilaterallytodefendthemselves.However,Japan,inparticular,isstill
http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes
1/5
4/13/2016
JapansAchillesHeel:Cybersecurity|TheDiplomat
lagging.
Duetoavarietyoffactors,Japanisuniquelyunderpreparedforthecyberchallengesofthe
21stcentury,rangingfromattacksbyforeignquasistateactorstotheftbydomesticcriminals.
OneimportantfactorthatmakesJapansovulnerableisitseconomysheavyrelianceonthe
Internet.AccordingtoDeloittesAsiaPacificDefenseOutlook2016,Japan,alongwithSouth
Korea,Singapore,Australia,andNewZealand,hasacybervulnerabilityindexninetimes
higherthantheirAsianneighbors.Theindexisbasedonanumberofdatapointsthat
measureinternetbasedeconomicinteractionssuchasthenumberofmobilephone
subscribers,thenumberofsecureInternetservers,broadbandprevalence,andtherateof
Internetuseanddoesnotconsidertheeffectivenessofcountermeasuresinplaceorthe
numberofInternetreliantmilitaryandgovernmentsystems.Still,itprovidesatellingsignof
howvulnerableJapanis.
AnotherfactorthatmakesJapanuniquelyunderpreparedistheJapanesepopulations
indifferenceormisunderstandingoftheissue.Therearemultifacetedcauses,includingthe
demographicrealitythatJapanisanagingsocietyacertainnaivetamongtheJapanese
publicatlargeacultureofshamingvictimsthatmakesJapanesegovernmentandbusiness
leadersembarrassedtoadmitfailureandinsufficienttalenttomeetJapanssecurityneeds.
Japanisoneofthemostrapidlyagingnationsintheworld,andmanyofitsseniorslackeven
abasicunderstandingofcyberletalonecyberrisks.Fraudandcriminalactivities,which
tendtopreyonseniors,alsohavetakenondigitalwings.Becauseofharshpenaltiesfor
writingmalware,Japanesecybercriminalshaveatendencytopurchasesuchmalwarefrom
foreignersfortheiruse.Throughanonymousandrestrictedaccesstothedeepweb,cyber
criminalsbuyandsellphonenumberdatabasesandcreditcardcredentials,amongother
illicitgoods.
WilliamSaito,specialadvisertotheprimeministeroncyberissues,alsolamentsthattoo
manyJapanesebecomeunwittingaccomplicesincybercrime,astheyunthinkinglyinsert
anunknownUSBdriveintoadeviceorclickonadangerouslink.Thereisalsoagenerallack
ofappreciationamongordinaryJapaneseabouttheimportanceofkeepingsensitive
informationsafe.
Furthermore,cooperationbetweendifferentgovernmentagencies,differentcompanies,
andacrosstheprivateandpublicsectorstofightbackagainstcyberthreatsisharderthanit
shouldbe.Oneofthegreatestobstaclestocooperationisthecultureofvictimblaming,which
makesitdifficultforanagencyorcompanythathasbeenthetargetofacyberattacktocome
forward.Inthisrespect,Saitobelievesthatthegovernmentneedstosetanexampleofnot
coveringupwhenattackshappen,andhavingbettercommunicationandmoreopenreporting
procedures.Onlywhenthegovernmenttakesthedriversseatbysettingagoodexamplewill
thisnormtrickledowntobusinessesandindividuals.
Meanwhile,therearefeweffortssofartopromotedomesticexpertiseoncyberissues.In
Japan,studentsarenotexposedtocomputerprogramminguntiltheuniversitylevel.Saito
characterizesthislackofemphasisonprogrammingasanationalsecurityconcern.Welack,
http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes
2/5
4/13/2016
JapansAchillesHeel:Cybersecurity|TheDiplomat
somesay,80,000cyberliterateworkersinJapanataminimum,Saitoexplains.Notonly
arewelosingcompetiveness,efficiency,butobviouslytheIPthatweloseviatheft.Thus,itisa
hugeconcernthatweneedtoputimmediateattentiontowards.
And,ofcourse,whenitcomestoattacksfromquasistateactors,geopoliticscannotbe
discountedeither.China,Russia,andNorthKoreatargetJapannotjustbecauseofageneral
senseofanimosityordisputesoverhistoryissues,butbecauseJapancouldbeathreat,dueto
Japanssheerproximityandadvancedcapabilities.China,Russia,andNorthKoreahavea
needtoknowwhatJapanisuptoandcapableof.
Inshort,Japanisahighvaluetargetmilitarily,economically,andtechnologically.Consider
thewiderangeoftargetsinJapan.InAugust2011,hackerstargetedclassifieddefense
informationatMitsubishiHeavyIndustriesand20otherdefenseandhightechfirms.Alsoin
August2011,emailsanddocumentswerestolenfrom480Dietmembersandstaff.InApril
2012,ahackattheMinistryofAgriculture,ForestryandFisheriesresultedintheexfiltration
of3,000documents,including20classifieddocumentsonTPPnegotiations.Inearly2013,
theMinistryofForeignAffairsdiscoveredithadlostatleast20documents.
CybervulnerabilityisexacerbatedbyJapansislandnationmentality,whichSaitobelieves
hasmadeJapaneseleaderscomplacentwhenitcomestodefendingagainstcyberthreats.
Securityandsafetyhasalwaysbeentakenforgranted[becauseofJapansgeographic
isolation].Cybersverypremisehasconnectedthecountryinmanyways,Saitoargues.To
usejustoneprosaicexampletoillustratehowJapanisnolongerasisolatedasitusedtobe:
cybermeanslanguagedifferencesarenolongerthenaturalbarrierstheyoncewerefor
espionageactivitieswithinJapan.Instead,JapaneseofficialslackofEnglishfluencyhelps
contributetoalackofJapaneseinfluenceininternationalforumsdealingwithcyberissues.
ThetruewakeupcalltoJapanwasthepensionhacklastJune,when1.25millioncasesof
personaldatawasleakedapsychologicalshocktheequivalentoftheUnitedStatesown
OPMbreach.
SowhatcanJapando?Deterrencedoesnotworkinatraditionalsense.TheDeloittereport
acknowledgesthisdilemma,concludingthatJapanmayhavetoconsiderthreatening
disproportionateorunpredictableretaliationincludingresponsesoutsidecyberspace.But,
ironically,becauseofjusthowextensivelyJapanisinterconnected,hackersfearof
unintendedconsequencestriggeringcatastrophesgreaterthantheyintendorwanthas
likelyexercisedsomerestraintoverhackersactivities.Fearofwakingasleepingbearhas
likelystayedattackersfrommountingmoredaringcampaigns.
WhilethisconsiderationmightmitigatedamagingattacksagainstJapaneseassets,itdoesnot
necessarilydeterthosewhosimplywishtoseekinformationthatcanbeusedforfinancial
gain.Thesesortofillicitactivitiesfocusongoingunnoticedandbeingundisruptiveforaslong
astheycan.Cybertheftofinformationis,afterall,justthenewestiterationofespionage.And
aswithtraditionalespionage,whykilloffagoodsourcebyrevealingyouraccess?Inthelong
term,themostdamagetoJapancouldcomefrommoreinnocuousmalware,whichfocuseson
informationgathering.
http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes
3/5
4/13/2016
JapansAchillesHeel:Cybersecurity|TheDiplomat
Withthegoalofincreasingcyberpreparedness,theLowerHouseoftheJapaneseDietpassed
theCybersecurityBasicActinNovember2014,whichsetsnewrequirementsfornationaland
localgovernmentstoquicklyreportcyberattacks,andcreatedtheCybersecurityStrategy
Headquarterstocoordinatecyberstrategy,policyandprocedures.Awareofthesevarious
threats,Japanisdoingbetter,Saitoconcludes,especiallythefinanceindustry.
ButthisisnolongeranissuethatJapancandealwithonitsown.JamesLewisarguesthatthe
U.S.andJapancandomoretoaddressthesepotentialthreatstogether,andshould
specificallytakethefollowingsixsteps:
1.Assigningadequateresourcestocybersecurity,particularlyforJapan
2.Agreeingonhowcollectivedefenseincyberspaceisdefinedandimplemented,
includingclearguidanceonArticleVthresholdsandajointpublicstatementon
cyberactivitiesthatcouldtriggerthemutualselfdefensecommitment
3.Creatingbilateralmechanismsforcooperationandforsharinginformationoncyber
threatsandthetechniquesusedtomitigatethem
4.Developingrobust,realisticjointtrainingandexercises
5.Expandingnationalandjointeffortsforciviliancriticalinfrastructureprotectionand
counterespionage
6.CoordinatingeffortstocreateaframeworkforcybersecuritydiscussionsandCBMs
[confidencebuildingmeasures]inNortheastAsia.
GreatercoordinationbetweenJapanandtheUnitedStates,aswellasotherallies,willbeabig
stepforwardforJapan.Cyberdoesnotrespectsovereignty,anddomesticsolutionsareno
longeradequate.
Whileensuringcybersecurityaheadofthethe2020Olympicsisadauntingchallenge,Saito
seesthisasagoldenopportunity.ThatharddeadlinecanactasacatalysttobringJapans
cyberreadinessuptothehighestlevel.ThefixedschedulepreventsJapaneseleadersfrom
kickingthecandowntheroad,andthesenseofurgencycanhelpcutthroughbureaucratic
redtapethathinderscooperation.
Openness,transparency,awillingnesstoacknowledgetheproblem,andmoreseamlessintra
andinterstatecooperationiskeyforJapantoincreaseitscybersecurity.
You have read 2 of your 5 free articles this month.
Subscribe to
Diplomat All-Access
Enjoy full access to the website and get an automatic subscription to our magazine
with a Diplomat All-Access subscription.
http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes
4/5
4/13/2016
JapansAchillesHeel:Cybersecurity|TheDiplomat
SUBSCRIBE NOW
Already a subscriber? Login here
biwakomesse.com
5/31()
BtoB
http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes
5/5