Govt, private sector must join forces to shield vital tech from cyber-attacks

The Yomiuri Shimbun

17:00 JST, April 22, 2021

About 200 research institutions, companies and universities related to defense and space have been hit by cyber-attacks. The Chinese military is strongly suspected of having been involved in these attacks. The Japanese government must expedite efforts to uncover the whole picture of the attacks to take countermeasures.

These cyber-attacks targeted entities such as the Japan Aerospace Exploration Agency, Mitsubishi Electric Corp., Hitachi, Ltd. and Keio and Hitotsubashi universities from 2016 to 2017.

The Metropolitan Police Department has identified two Chinese men who allegedly used false names to subscribe to rental servers that were used in the cyber-attacks. The MPD has sent papers on one of the two — a Chinese Communist Party member — to the Tokyo District Public Prosecutors Office on suspicion of illegally creating and providing private electronic records.

The two men were questioned by the police on a voluntary basis while visiting Japan. They have already returned to China, but their accounts and other records have revealed that they subscribed to the rental servers under false names at the request of a hacker group believed to be an integral part of the Chinese military, according to sources. It can be said that these findings establish strong suspicion that Chinese forces launched the organized attacks.

It is rare for investigative authorities to be able to identify someone involved in a cyber-attack and establish a case.

China has been stepping up its efforts to develop technology related to missiles and space. No information theft has been confirmed so far in the cyber-attacks, but if any pieces of information on defense or advanced technology have been compromised, that would seriously affect the nation’s security and economy.

Investigative authorities are urged to quickly grasp the extent of damage and thoroughly uncover the cyber-attacks’ purpose and methods. They should also work together with defense authorities so that the government as a whole can share information and take countermeasures.

The Chinese Foreign Ministry expressed displeasure over the allegations. The ministry said it is “not aware of the relevant circumstances,” adding that investigations into cyber-attacks “should not be based on idle speculation.” If this is the case, China should provide full cooperation to Japanese investigative authorities.

The hacker group in question is known to have been involved in attacks in the past targeting Japanese companies and other entities. According to the latest Defense of Japan white paper, the Chinese military has a cyber-attack unit with about 30,000 members.

Threats in cyberspace do not always come from China. Last autumn, it was reported that Russia’s intelligence agency was suspected of having carried out cyber-attacks targeting this summer’s Tokyo Olympics and Paralympics. North Korea has also intensified its theft of crypto-assets, or virtual currency, through cyber-attacks.

In Japan, 6,500 suspicious accesses were confirmed per day last year, according to the police. Cyber-attacks target not only companies in the defense industry but also small and medium-size firms in other fields for their sophisticated technologies. It is important for businesses to raise their level of vigilance and review how to manage information and respond to cyber-attacks.

When hit by cyber-attacks, many companies hesitate to reveal the fact for fear of undermining people’s confidence in them. Targeted businesses are urged to minimize damage by promptly sharing information with the National Center of Incident Readiness and Strategy for Cybersecurity and other relevant authorities.

— The original Japanese article appeared in The Yomiuri Shimbun on April 22, 2021.