Cyber Intelligence: The Challenge for Japan

(cloudfront.net) Information and telecommunication technology is progressing rapidly. With the benefits of this progress come inevitable risks and new sources of insecurity. In particular, systems are at risk of unauthorized access and exploitation from countries that seek sensitive information. Countries also possess the ability to destabilize the electrical system with the aim of disrupting the network. I term this activity ‘cyber intelligence.’ As a consequence, cyber attacks play a major role in realizing national interests and constitute a grave new problem for the security of nations. Japan in particular, with its large, technologically advanced economy, must learn to cope with the new dangers cyber intelligence poses.

 

Cyber Espionage Cases in Japan

Cyber intelligence refers to espionage activity that utilizes information and telecommunication technology. Sophisticated cyber threats come primarily from foreign intelligence and military services. Attacks take the form of Advanced Persistent Threats (APT) that can quietly infiltrate systems and remain active for long periods of time. Their aim is to gain political, economic, or military advantage over industries and government agencies. Several recent examples illustrate this trend for Japan.

One of the first cases of cyber espionage in Japan concerns its largest defense contractor, Mitsubishi Heavy Industries, which was hit by such an attack in 2011. The company discovered eighty virus-infected computers both at its headquarters in Tokyo and at its research and manufacturing facilities. Its lucrative submarine, missile, and nuclear power plant component factories were the targets.

Another case concerns the House of Representatives and the House of Councillors, whose computers were infected by an illegal program capable of information theft. Following this situation, government officials announced that the IDs and passwords of all lawmakers had been compromised and that their emails could have been intercepted for a maximum of fifteen days. The announcement further revealed that the Ministry of Foreign Affairs staff’s computers had also been infected with the same aim. Similarly, computers belonging to the Ministry of Agriculture, Forestry, and Fisheries were attacked. Internal documents related to the Trans-Pacific Partnership (TPP), which the Ministry had prepared, including preparatory conference materials and documents from the U.S.-Japan summit meeting, were accessed illegally several times and leaked in 2011 and 2012.

While it had been previously unobserved in Japan, hackers frequently target defense contractors, notably Lockheed Martin. Various APT attacks have been found, one after another. Cyber intelligence is the least expensive and most accessible method of intelligence gathering. If present trends continue, these phenomena have a high potential for undermining diplomatic, economic, and security functions at the international level.

 

The Global Threat of Cyber Espionage

In response to this global threat, countries have launched protection measures to keep sensitive information safe from theft. The long history of intelligence gathering goes hand-in-hand with that of warfare. Today, new technologies offer advanced tools for this age-old practice of information collection. The open nature of the Internet enables unprecedented access to information.

Currently, China and North Korea have overtly and provocatively developed the capabilities to carry out cyber attacks. Both countries organize training institutes for cyber hackers and cyber attack forces at the national level. In fact, they have developed information theft as well as various disruption activities that have been used on a daily basis, penetrating the networks of government agencies and industries in Japan and the United States. China and North Korea possess highly advanced technology to launch cyber attacks against their targeted countries.

Sony Entertainment Pictures (SPE) suffered a cyber attack in November 2014. After a thorough investigation, the FBI made a comment that North Korea had organized the attack, a view that President Obama confirmed. North Korea aims at projecting its cyber attack capability and threatening its neighbors. To this end, North Korea has trained six thousand cyber troops with significant assistance from China. Japan should take measures to counteract North Korea and not sit on the sidelines as mainstays of Japanese industry, such as SPE, are increasingly under threat.

 

Security and the Japanese ‘Cyber Intelligence’ Moment

Cyber intelligence has become a critical tool for the international security establishment. Related technology development and operational training have become more routine. In this regard, national strategy and international relations are at a critical stage in coming to grips with this reality. Unfortunately, Japan’s cyber intelligence capabilities are insufficient; they lack the necessary cyber literacy and sense of leadership. This situation arises from a disconnect between Japanese policy officials, who are ignorant of the technology, and those with the requisite expertise, who have remained pacifist and uninvolved in issues of security. In the interest of its national security, it is imperative that Japan strengthen its efforts to combat cyber intelligence by bridging the divide between these two groups.

 

National Police Agency Efforts Towards Cyber Intelligence

The Japanese police and more than four thousand businesses, which are often targets of cyber attacks, have launched an information sharing network which conducts the following measures:

  1. The police visit individual businesses and collect information regarding cyber attack concerns, such as targeted mail designed to steal information.
  2. The police provide feedback for businesses based on the information the police analyzed to improve businesses’ cyber security.
  3. The police, antivirus software companies, and operating system providers set up an advisory council against malware for counter intelligence. The council carries out information sharing regarding countermeasure against illegal program. In particular, the police provide information on new threats and sources of vulnerability for commercial enterprises so that IT users can improve their security countermeasures.

It is important to build on these efforts. Japan should further strengthen the exchange of information between foreign intelligence agencies and private sector entities to share the knowledge gained in these efforts.

 

Further Analysis: Marine Cable for National Security

The Internet does not exist solely in cyberspace. Rather, its existence depends upon physical infrastructure, most notably a network of cables that crisscross the world’s oceans. These marine cables, which have been lain for more than a hundred years, are crucial to the operation of information technology worldwide. Today, these cables utilize fiber-optic technology to transmit information at unprecedented speeds. Tied to this technology are political considerations over the potential for illegal surveillance and another theater for the conduct of cyber war with vast amounts of information at stake. This risk of war laid at the bottom of the sea demands greater attention.

Marine cable was the first point of IT connection between the United States and Asia. This connection plays a crucial role in Japan’s geopolitical concerns. Important in these considerations is the major telecommunication carrier KDDI and the cable-laying business, NEC. In August 2014, a consortium of six global communication companies, including China Mobile International and Google, awarded NEC a contract to expand the marine cable system that runs from Thailand to Hong Kong.

The first fiber-optic network lain in Japan runs between Japan and the United States. The technology, including the new FASTER cable set to be completed in 2016, greatly enhances the flow of data between the two continents.

These lines are vulnerable to damage, however, especially considering the fact that the sea bottom around Japan is the most quake-prone in the world. For example, the Great East Japan Earthquake damaged some of these marine cables, resulting in significant disruption of the communication network in Japan. This makes a system charged with the responsibility of cable maintenance and rapid repair imperative.

Another major issue surrounding marine cable is that of surveillance. Among the revelations brought to light by the former NSA contractor Edward Snowden is the fact that the intelligence agencies of the United States and United Kingdom have planted bugs in more than two hundred marine cable networks worldwide.

The information war existed over marine cable existed long before Mr. Snowden leaked this classified information. In reality, cases of cable bugging date back to the 1970s when the NSA sought to listen in on the Soviet Union during the Cold War. Similar acts of bugging today are to be expected. As a result, the discussion should not focus too much on issues of US bugging but instead on future policies.

The potential for nations to collect information from the marine cable carries important implications. While current data analysis technology cannot handle the sheer magnitude of information, intercepting specific personal information could overcome this barrier. Such technology has already been developed and personal information will become more important than it is now due to technology’s ever-expanding ability to exploit such data. Therefore, the value of marine cable, already responsible for the transmission of vast amounts of information, will increase in the near future.

While not all countries tap marine cables, several countries may seek to damage the telecommunication network to counter an enemy’s technological superiority by cutting them off from the network at a time of war. In this way, the building of marine cable infrastructure has become an area of interstate competition as countries seek to build resiliency and redundancy into the system. Thus, marine cable policy should consider not only the potential for damages caused by nature forces, in the land of earthquakes, but also this aspect of national security and the prominent role that marine cables play in interstate diplomacy.  

Intelligence Refereed in Japan National Security Strategy

Within Japan’s December 2013 national security strategy is a commitment to fundamentally strengthen its information-collecting capabilities across a diverse range of sources, including human intelligence, open source intelligence, signals intelligence, and imagery intelligence. In addition, Japan will promote the utilization of geospatial intelligence that combines various types of intelligence, including cyber intelligence. Moreover, Japan will enhance its intelligence analysis, consolidation, and sharing capabilities by bolstering its human resources, including developing highly-skilled analysts. Japan will thereby make use of the array of information-collecting means at its disposal.

Japan will also operate the intelligence cycle more effectively through the timely provision of materials and intelligence to the National Security Council. Japan’s National Security Council serves as the control tower of foreign and security policy, as well as through the appropriate utilization of intelligence in policy formulation. Furthermore, under the Act on the Protection of Specially Designated Secrets (*provisional English translation), Japan will strengthen its counterintelligence functions by facilitating intelligence functions throughout the government.

 

Defense Technology Cooperation

There are increasing opportunities to cooperate in a more effective manner in the interests of international peace. One example is the utilization and provision of heavy machinery and other defense equipment to disaster-stricken areas by the SDF. Additionally, participation in international joint development and production projects has become routine in order to improve the performance of defense equipment while also address the reality of rising costs of defense equipment.

Against this backdrop, while giving due consideration to the Three Principles on Arms Exports, the Government of Japan will set out clear principles on the overseas transfer of arms and military technology that fit the new security environment. In this context, Japan will make considerations with regard to defining cases where transfers are prohibited, limiting cases where transfers could be allowed with strict examination, and ensuring appropriate control over transfers to minimize the risks of unauthorized use and third party transfer.

 

Japan’s Cyber Future

The intensification of the cyber threat requires further strengthening the capabilities of the public and private, including academic, sectors. Towards this end, the Lower House of the Japanese Diet passed the Cybersecurity Basic Act in November 2014, which set new requirements for national and local governments to respond to cyber threats and reorganized the Information Security Policy Council into the Cybersecurity Strategy Headquarters. The Act requires ministries and agencies to provide information regarding cyber attacks to the Headquarters in a timely manner. The Headquarters has been established under Chief Cabinet Secretary and will serve as a focal point for the Japanese government to coordinate cyber strategy, policy and procedures. This will effectively coordinate Japan’s disparate agencies responsible for responding to cyber threats, including the Self Defense Force, the National Police Agency, and the National Information Security Council’s Computer Emergency Response Team. Critical infrastructure companies and cyber security firms are also obligated to cooperate with national and local governments on cyber defenses.

Japan will implement these reforms gradually. As they are put in place, quick responses to cyber threats will remain critical to successful policy. The work of the Cybersecurity Strategy Headquarters will build upon that of the Japanese Computer Emergency Response Team (CERT) to ensure an effective response to attacks as they develop

The Japanese Diet should be lauded for taking these actions as they promise to meaningfully improve the country’s ability to respond to and prevent future acts of cyber aggression. Yet there is always more work to be done. As this article has demonstrated, the current state of cyber intelligence demands a rethinking of outdated diplomatic and security paradigms. Cyber vulnerabilities run deep, present in both physical infrastructure and virtual systems that contain treasure troves of personal data. Japan needs to build on current efforts and improve the cyber literacy of policymakers in order to respond to future crises given the far-reaching implications for the international order.

 

Disclaimer: This paper was prepared and written in the author’s personal capacity. The opinions expressed herein are the author’s own.