This is a Serious Situation that Shakes Japan’s Credibility

If a U.S. newspaper report is true, the vulnerability of Japan’s defense system has been exposed to the international community. Japan must urgently strengthen its cybersecurity measures.

The Washington Post reported that Chinese military hackers had compromised networks containing Japan’s defense secrets. Moreover, the unauthorized access was repeated. It is believed that the aim was to probe the capabilities and shortcomings of the Self-Defense Forces.

In autumn 2020, the U.S. National Security Agency (NSA) discovered the unauthorized access. The NSA director and another U.S. defense official, who took the situation seriously, hurriedly came to Japan and told the government that this was “one of the most damaging hacks in [Japan’s] modern history,” according to the newspaper report.

Many of the systems operated by the SDF are sealed off from the outside world and are considered to be highly confidential. If the intrusion was allowed in spite of this, it would be a serious matter.

If defense secrets have been accessed, Japan could lose the trust of its allies as well as other countries with which Tokyo has close relations. Fearing that important information could be leaked from Japan, they may shy away from providing such information.

The problem is the Japanese government does not seem to have such a sense of urgency.

At a press conference, Japan’s Defense Minister Yasukazu Hamada said in response to The Washington Post report, “We haven’t confirmed any case in which classified information [held by the Defense Ministry] has been leaked.” He declined to clarify whether there had been an intrusion, saying, “That would reveal the SDF’s response capabilities.”

With this news report, the world is questioning Japan’s cybersecurity measures. Japan should clarify what kind of attacks it suffered and what measures it took afterward.

In addition to the SDF, other Japanese entities have faced the threat of cyber-attacks.

The National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the government’s cybersecurity headquarters, announced this month that its system had been compromised and the unauthorized access may have resulted in the leak of up to 5,000 items of personal information, including the addresses of private businesses that communicated with the government body through emails.

It is unacceptable for the government’s command center for cybersecurity measures, which is in a position to guide private businesses, to become the source of information leaks.

Since the NISC staff, most of whom are seconded from the Internal Affairs and Communications Ministry and other ministries and agencies, are often replaced every few years due to personnel transfers, it is said that the responsibility of the NISC is ambiguous. A review of the organization is urgently needed.

The government is considering the introduction of active cyber defense, which involves infiltrating the source of an attack in order to prevent cyber-attacks. The SDF intend to increase the number of specialized units for that purpose, which currently number about 900, to 4,000 by the end of fiscal 2027.

The plan needs to be steadily implemented to overcome Japan’s weaknesses.

(From The Yomiuri Shimbun, Aug. 10, 2023)