4/13/2016

JapansAchillesHeel:Cybersecurity|TheDiplomat

Excel
kintone.cybozu.com

Participants from government ministries and

agencies take part in the Cyber Defense Exercise
with Recurrence (CYDER) in Tokyo September 25,
2013
Image Credit: REUTERS/Toru Hanai

Japan's Achilles Heel: Cybersecurity

Japan is uniquely underprepared for the cyber challenges of the 21st century.
By Mina Pollmann
April 13, 2016

Cyberisarelativelynewrealmofsecuritythatstatesacrosstheworldhavetocontendwith.
Fromdecidingwhatconstitutesanattacktowhatconstitutesaproportionateresponse,
manystatesarestillstrugglingtounderstandthisnewsphere.Suchissuesrequire
internationalcooperationtoestablishnewnorms,andinaparalleleffort,statesaredoingas
muchastheycanunilaterallytodefendthemselves.However,Japan,inparticular,isstill
http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes

1/5

4/13/2016

JapansAchillesHeel:Cybersecurity|TheDiplomat

lagging.
Duetoavarietyoffactors,Japanisuniquelyunderpreparedforthecyberchallengesofthe
21stcentury,rangingfromattacksbyforeignquasistateactorstotheftbydomesticcriminals.
OneimportantfactorthatmakesJapansovulnerableisitseconomysheavyrelianceonthe
Internet.AccordingtoDeloittesAsiaPacificDefenseOutlook2016,Japan,alongwithSouth
Korea,Singapore,Australia,andNewZealand,hasacybervulnerabilityindexninetimes
higherthantheirAsianneighbors.Theindexisbasedonanumberofdatapointsthat
measureinternetbasedeconomicinteractionssuchasthenumberofmobilephone
subscribers,thenumberofsecureInternetservers,broadbandprevalence,andtherateof
Internetuseanddoesnotconsidertheeffectivenessofcountermeasuresinplaceorthe
numberofInternetreliantmilitaryandgovernmentsystems.Still,itprovidesatellingsignof
howvulnerableJapanis.
AnotherfactorthatmakesJapanuniquelyunderpreparedistheJapanesepopulations
indifferenceormisunderstandingoftheissue.Therearemultifacetedcauses,includingthe
demographicrealitythatJapanisanagingsocietyacertainnaivetamongtheJapanese
publicatlargeacultureofshamingvictimsthatmakesJapanesegovernmentandbusiness
leadersembarrassedtoadmitfailureandinsufficienttalenttomeetJapanssecurityneeds.
Japanisoneofthemostrapidlyagingnationsintheworld,andmanyofitsseniorslackeven
abasicunderstandingofcyberletalonecyberrisks.Fraudandcriminalactivities,which
tendtopreyonseniors,alsohavetakenondigitalwings.Becauseofharshpenaltiesfor
writingmalware,Japanesecybercriminalshaveatendencytopurchasesuchmalwarefrom
foreignersfortheiruse.Throughanonymousandrestrictedaccesstothedeepweb,cyber
criminalsbuyandsellphonenumberdatabasesandcreditcardcredentials,amongother
illicitgoods.
WilliamSaito,specialadvisertotheprimeministeroncyberissues,alsolamentsthattoo
manyJapanesebecomeunwittingaccomplicesincybercrime,astheyunthinkinglyinsert
anunknownUSBdriveintoadeviceorclickonadangerouslink.Thereisalsoagenerallack
ofappreciationamongordinaryJapaneseabouttheimportanceofkeepingsensitive
informationsafe.
Furthermore,cooperationbetweendifferentgovernmentagencies,differentcompanies,
andacrosstheprivateandpublicsectorstofightbackagainstcyberthreatsisharderthanit
shouldbe.Oneofthegreatestobstaclestocooperationisthecultureofvictimblaming,which
makesitdifficultforanagencyorcompanythathasbeenthetargetofacyberattacktocome
forward.Inthisrespect,Saitobelievesthatthegovernmentneedstosetanexampleofnot
coveringupwhenattackshappen,andhavingbettercommunicationandmoreopenreporting
procedures.Onlywhenthegovernmenttakesthedriversseatbysettingagoodexamplewill
thisnormtrickledowntobusinessesandindividuals.
Meanwhile,therearefeweffortssofartopromotedomesticexpertiseoncyberissues.In
Japan,studentsarenotexposedtocomputerprogramminguntiltheuniversitylevel.Saito
characterizesthislackofemphasisonprogrammingasanationalsecurityconcern.Welack,
http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes

2/5

4/13/2016

JapansAchillesHeel:Cybersecurity|TheDiplomat

somesay,80,000cyberliterateworkersinJapanataminimum,Saitoexplains.Notonly
arewelosingcompetiveness,efficiency,butobviouslytheIPthatweloseviatheft.Thus,itisa
hugeconcernthatweneedtoputimmediateattentiontowards.
And,ofcourse,whenitcomestoattacksfromquasistateactors,geopoliticscannotbe
discountedeither.China,Russia,andNorthKoreatargetJapannotjustbecauseofageneral
senseofanimosityordisputesoverhistoryissues,butbecauseJapancouldbeathreat,dueto
Japanssheerproximityandadvancedcapabilities.China,Russia,andNorthKoreahavea
needtoknowwhatJapanisuptoandcapableof.
Inshort,Japanisahighvaluetargetmilitarily,economically,andtechnologically.Consider
thewiderangeoftargetsinJapan.InAugust2011,hackerstargetedclassifieddefense
informationatMitsubishiHeavyIndustriesand20otherdefenseandhightechfirms.Alsoin
August2011,emailsanddocumentswerestolenfrom480Dietmembersandstaff.InApril
2012,ahackattheMinistryofAgriculture,ForestryandFisheriesresultedintheexfiltration
of3,000documents,including20classifieddocumentsonTPPnegotiations.Inearly2013,
theMinistryofForeignAffairsdiscoveredithadlostatleast20documents.
CybervulnerabilityisexacerbatedbyJapansislandnationmentality,whichSaitobelieves
hasmadeJapaneseleaderscomplacentwhenitcomestodefendingagainstcyberthreats.
Securityandsafetyhasalwaysbeentakenforgranted[becauseofJapansgeographic
isolation].Cybersverypremisehasconnectedthecountryinmanyways,Saitoargues.To
usejustoneprosaicexampletoillustratehowJapanisnolongerasisolatedasitusedtobe:
cybermeanslanguagedifferencesarenolongerthenaturalbarrierstheyoncewerefor
espionageactivitieswithinJapan.Instead,JapaneseofficialslackofEnglishfluencyhelps
contributetoalackofJapaneseinfluenceininternationalforumsdealingwithcyberissues.
ThetruewakeupcalltoJapanwasthepensionhacklastJune,when1.25millioncasesof
personaldatawasleakedapsychologicalshocktheequivalentoftheUnitedStatesown
OPMbreach.
SowhatcanJapando?Deterrencedoesnotworkinatraditionalsense.TheDeloittereport
acknowledgesthisdilemma,concludingthatJapanmayhavetoconsiderthreatening
disproportionateorunpredictableretaliationincludingresponsesoutsidecyberspace.But,
ironically,becauseofjusthowextensivelyJapanisinterconnected,hackersfearof
unintendedconsequencestriggeringcatastrophesgreaterthantheyintendorwanthas
likelyexercisedsomerestraintoverhackersactivities.Fearofwakingasleepingbearhas
likelystayedattackersfrommountingmoredaringcampaigns.
WhilethisconsiderationmightmitigatedamagingattacksagainstJapaneseassets,itdoesnot
necessarilydeterthosewhosimplywishtoseekinformationthatcanbeusedforfinancial
gain.Thesesortofillicitactivitiesfocusongoingunnoticedandbeingundisruptiveforaslong
astheycan.Cybertheftofinformationis,afterall,justthenewestiterationofespionage.And
aswithtraditionalespionage,whykilloffagoodsourcebyrevealingyouraccess?Inthelong
term,themostdamagetoJapancouldcomefrommoreinnocuousmalware,whichfocuseson
informationgathering.
http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes

3/5

4/13/2016

JapansAchillesHeel:Cybersecurity|TheDiplomat

Withthegoalofincreasingcyberpreparedness,theLowerHouseoftheJapaneseDietpassed
theCybersecurityBasicActinNovember2014,whichsetsnewrequirementsfornationaland
localgovernmentstoquicklyreportcyberattacks,andcreatedtheCybersecurityStrategy
Headquarterstocoordinatecyberstrategy,policyandprocedures.Awareofthesevarious
threats,Japanisdoingbetter,Saitoconcludes,especiallythefinanceindustry.
ButthisisnolongeranissuethatJapancandealwithonitsown.JamesLewisarguesthatthe
U.S.andJapancandomoretoaddressthesepotentialthreatstogether,andshould
specificallytakethefollowingsixsteps:
1.Assigningadequateresourcestocybersecurity,particularlyforJapan
2.Agreeingonhowcollectivedefenseincyberspaceisdefinedandimplemented,
includingclearguidanceonArticleVthresholdsandajointpublicstatementon
cyberactivitiesthatcouldtriggerthemutualselfdefensecommitment
3.Creatingbilateralmechanismsforcooperationandforsharinginformationoncyber
threatsandthetechniquesusedtomitigatethem
4.Developingrobust,realisticjointtrainingandexercises
5.Expandingnationalandjointeffortsforciviliancriticalinfrastructureprotectionand
counterespionage
6.CoordinatingeffortstocreateaframeworkforcybersecuritydiscussionsandCBMs
[confidencebuildingmeasures]inNortheastAsia.
GreatercoordinationbetweenJapanandtheUnitedStates,aswellasotherallies,willbeabig
stepforwardforJapan.Cyberdoesnotrespectsovereignty,anddomesticsolutionsareno
longeradequate.
Whileensuringcybersecurityaheadofthethe2020Olympicsisadauntingchallenge,Saito
seesthisasagoldenopportunity.ThatharddeadlinecanactasacatalysttobringJapans
cyberreadinessuptothehighestlevel.ThefixedschedulepreventsJapaneseleadersfrom
kickingthecandowntheroad,andthesenseofurgencycanhelpcutthroughbureaucratic
redtapethathinderscooperation.
Openness,transparency,awillingnesstoacknowledgetheproblem,andmoreseamlessintra
andinterstatecooperationiskeyforJapantoincreaseitscybersecurity.
You have read 2 of your 5 free articles this month.

Subscribe to
Diplomat All-Access
Enjoy full access to the website and get an automatic subscription to our magazine
with a Diplomat All-Access subscription.

http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes

4/5

4/13/2016

JapansAchillesHeel:Cybersecurity|TheDiplomat

SUBSCRIBE NOW
Already a subscriber? Login here

biwakomesse.com

5/31()
BtoB

http://thediplomat.com/2016/04/japansachillesheelcybersecurity/?allpages=yes&print=yes

5/5