Govt acts aggressively to cyber-attacker countries

The Yomiuri Shimbun
In the government’s cybersecurity strategy, China, Russia and North Korea are named as nations suspected of being involved in cyber-attacks.

The government has started putting emphasis on publicly attributing large-scale cyber-attacks in which foreign authorities’ involvement are being suspected, by naming and shaming the involved nations in line with the United States and European countries, shifting from its conventional reserved attitude to these attacks.

Simultaneous statements

“We must not overlook malicious cyber activities. We condemn those deeds.”

The Foreign Affairs Ministry made this severe statement when criticizing China on July 19. The statement drew the whole world’s attention as it was made just before the opening of the Tokyo Olympics, in which China was participating, and it was issued simultaneously with similar statements by the United States, Britain, Australia and the North Atlantic Treaty Organization (NATO).

The public attribution was led by the United States. It announced that the Federal Bureau of Investigation (FBI) and others discovered that a group of hackers associated with the Chinese authorities were suspected of carrying out cyber-attacks across the world. Also announced was their suspected use of ransomware, which encrypts data to make it unusable and demand ransom in exchange for restoring the data.

Involvement of nations

Public attribution is a method of naming cyber attackers identified in investigation and publicly announcing their identities.

A senior official of the National Police Agency says that cyber-attacks are usually carried out with the origin of the attack cleverly concealed so that they rarely lead to criminal charges.

But in some cases, the involvement of a state may be strongly inferred through analysis of the virus involved and its modus operandi.

Public attribution is considered to be an effective counterattacking method in such cases, and has been actively performed by the United States and European countries since around 2017. It is also aimed to demonstrate the countries’ investigative capabilities and deter attacks.

In Japan, the Foreign Affairs Ministry condemned North Korea and China once in 2017 and in 2018, respectively, in conjunction with statements criticizing these countries issued by the United States and other countries. However, due to its diplomatic policy to avoid conflicts with the other countries, Japan did not go so far as to act aggressively over that matter.

Lying behind the government’s recent policy shift was the changing international situation. In recent years, cyber-attacks targeting critical infrastructure and advanced technologies have intensified, raising security concerns. In particular, the United States, along with its allies and friendly nations, has been strengthening pressure on China and Russia. Japan has decided that it needs to act with them.

Stipulated in strategy

The National Police Agency’s cybersecurity policy council compiled a report in March, which includes the statement that reads, “We should proactively disseminate information on crime methods and criminal trends when they are discovered.”

In April, then NPA Commissioner Mitsuhiro Matsumoto said at a press conference that People’s Liberation Army’s strategic support unit, called “Unit 61419,” based in Qingdao in China’s Shandong Province, was probably involved in attacks on the Japan Aerospace Exploration Agency (JAXA) and others in 2016 and 2017. This is believed to be the first public attribution made by the NPA.

The government’s “cybersecurity strategy” for the next three years, approved by the Cabinet on Sept. 28, similarly names China, Russia and North Korea, clearly stating that they are suspected to have been carrying out cyber-attacks.

Prof. Motohiro Tsuchiya of Keio University, a specialist of cybersecurity policy, said: “Superiority in the cyberspace will be becoming more and more linked directly to security in the future. Japan needs to further deepen its cooperation with countries concerned and effectively conduct public attribution among other efforts.”

International joint investigation with NPA squad

The National Police Agency plans to establish a cyber bureau that oversees cyberspace measures, and a cyber squad, an investigation unit under the bureau’s direct supervision, in next fiscal year.

The cyber bureau will have a cyber planning department, which mainly collects information, a cyber investigation department, which directs investigation, and a cyber analysis department, whose work includes analysis of viruses.

A dedicated network will be established to connect the cyber bureau and the cyber squad with the metropolitan and prefectural police across the nation such that they can remotely conduct joint analysis.

Enhancing the cyberdefense system is aimed to actively participate in international joint investigations by investigative authorities in various countries.

“We want to establish an organization as early as possible that can deal with the increasing sophistication of cyber-attacks,” said a senior NPA official.