Invisible threats / Japan searches for ways to exclude China from key infrastructure

The Yomiuri Shimbun

9:59 JST, February 27, 2022

The importance of communications infrastructure was recently highlighted when an undersea volcano erupted in the South Pacific. Not only did the eruption affect Tonga aboveground, but it severed an undersea fiber-optic cable, making it difficult for the outside world to quickly determine the extent of damage and provide assistance.

“Australia must be first and foremost giving assistance to Tonga,” Kevin Rudd, the former Australian prime minister, posted on his Twitter account after the eruption. “Failing that China will be there in spades.”

Australia has been trying to eliminate China’s influence in the region because it believes that if companies from China are involved in work with undersea cables or other communications systems, it could pose a threat to the safety of data transmitted via the network.

With generous financial assistance from the Australian government, a major Australian telecommunications company announced in October that it would buy the South Pacific arm of a telecom firm that covers Tonga among other countries in the region. The United States and Japan are also financially backing Australia in this endeavor, with China in mind.

On Feb. 12, Foreign Minister Yoshimasa Hayashi met Australian counterpart Marise Payne in Melbourne, reaffirming their nations’ cooperation in supporting Tonga’s mid- and long-term reconstruction. One aim was to prevent China from taking advantage of the eruption to become further involved in Tonga and increase its influence there.

Critical infrastructure like telecommunications not only face risks from natural disasters, but also from military conflicts and cyber-attacks. In the event of a contingency in Taiwan, it is rumored that China might first target cable landing stations for undersea cables in the Taiwan Strait in order to cut Taiwan off from exchanging information with the rest of the world.

■ Theft of information

When it comes to critical infrastructure, Japan does not have a comprehensive system to examine security issues, such as the appropriateness of contractors for maintenance and operations. Currently, respective government ministries and agencies separately take measures to protect infrastructure facilities under their own jurisdiction.

In December 2020, the Financial Services Agency contacted a Tokyo-based major insurance company to inform the firm of the risk of information being stolen.

“According to your business plan, your company plans to use a Chinese system, so we would like to check the matter in detail,” the FSA said.

At the time, the insurer was considering using a system developed by a company funded by Chinese capital to sell new insurance products. Originally, the system let customers enter accident and other information via smartphones and other devices to make insurance claims.

The company ended up modifying the system so that sensitive information cannot be transmitted.

“The ideal is to use homegrown systems for all products and services,” said a person from the company, who mentioned that rival companies were also planning to use the same Chinese system. “It was difficult for management to decide to be the only company not to use the Chinese-made system.”

The government plans to submit to the current Diet session an economic security promotion bill. If passed, the law would institute prescreening for 14 types of critical infrastructure, including electricity, gas, communications, finance, railway and broadcasting, on occasions such as when new equipment is introduced. It would also allow the government to take preventive measures by issuing recommendations and orders when it identifies security threats.

■ Allies keeping watch

Japan is on the verge of taking these drastic measures because it is necessary for the country to have capabilities equal to those of allied and friendly nations, such as the United States, and cooperate with them to counter cross-border attacks against key infrastructure.

In the United States, one of the country’s largest oil pipelines was forced to shut down in May after being hit by a ransomware attack. Soon after, the world’s largest meat processing company, JBS USA, was targeted, followed by the largest U.S. broadcast-related company, Sinclair Broadcast Group, which owns about 180 affiliate TV stations. The resulting damage spread widely.

The U.S. government believes that Russia and China might be behind hacker groups that conducted these cyber-attacks.

In June, the White House issued a rare letter to companies urging them to protect against the threat of ransomware through such means as encryption.

“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” the letter says.

In October, the White House hosted the first-ever virtual conference on ransomware with ministers and other officials from about 30 countries, including Japan.

At the meeting, U.S. national security adviser Jake Sullivan said, “We view international cooperation as foundational to our collective ability to deal with the ransomware ecosystem, to hold criminals and the states that harbor them accountable, and to reduce the threat to our citizens in each of our countries.”

While Sullivan had words of appreciation for Australia, Britain, Germany and India, he did not mention Japan.

“The United States remains dissatisfied with Japan’s cyber defense, as it is still too weak,” a senior Foreign Ministry official said.

Allied nations are watching how Japan will enhance its cyber defense capabilities through the development of human resources and the introduction of necessary legislation.