Japan shoring up cyber defenses after recent attacks

Japan shoring up cyber defenses after recent attacks

Top Stories | Mar 3, 2020:

Felix Kim

Japan plans a swift and strong response to a cluster of cyber attacks on firms with close ties to Japan’s defense sector, Defense Minister Taro Kono announced.

Nippon Electric Co. (NEC), Mitsubishi Electric, Kobe Steel Ltd. and satellite data provider Pasco Corp. all suffered intrusions by hackers. Industry reports indicate the attackers were from China.

Kono told reporters on January 31, 2020, that a range of measures would be taken to avoid stores of sensitive defense data from being compromised either within systems at Japan’s Self-Defense Forces (SDF) or those of its partners in the private sector.

“We will reinforce the cyber defense squad,” Kono said, “but we want to protect the SDF network by fostering human resources and consulting with the private sector on cutting-edge technology.”

The minister explained that specific data identified by his ministry as particularly sensitive and held by private sector firms “are to be stored in a system that is not connected to the internet.” Audits are being conducted to ensure compliance with this requirement, he said, adding that the Defense Ministry makes no distinction between itself and its private sector partners when it comes to standards for protecting defense secrets.

Sources at Mitsubishi and Pasco indicated the cyber attacks originated in China, according to The Japan Timesnewspaper.  A Chinese hacking group identified as Advanced Persistent Threat 10 or APT10 was accused by the Japanese government in December 2018 of launching cyber attacks targeting Japan’s government, companies and academic institutions, according to the Kyodo News Agency.

“As a matter of course, the Self-Defense Forces will protect ourselves,” Kono emphasized, but will do so within the parameters of Japan’s Constitution, which prohibits the military from first strike measures. “So, this cyber case must be considered in various individual and specific ways in the future.”

Mitsubishi, which Kyodo described as the third-largest major equipment supplier for Japan’s defense ministry, acknowledged on January 20, 2020, that hackers recently stole its email exchanges with the Ministry of Defense and the Nuclear Regulatory Authority, as well as documents related to ventures with companies including utilities, railways and manufacturers. The personal data of 8,000 current, former and prospective Mitsubishi employees may have been breached.

The cyber attacks on NEC occurred over several years through 2018, the company announced on January 31, 2020. They resulted in unauthorized access to 27,445 files, including those related to NEC’s work with the military.

At Kobe Steel, 250 data files may have been hacked in a 2016 attack, Kyodo reported, some of which related to the company’s work with the Defense Ministry. The attack on Pasco Corp., a surveying company specializing in aerial photographs, occurred in 2018.

All the firms reported taking steps to shore up cyber security. (Pictured: Japanese Defense Minister Taro Kono talks to the military’s cyber security personnel in December 2019.)
Japan’s Defense Ministry will strengthen its cyber security capability by recruiting experts to work in the ranks of the SDF rather than turning to outside contractors, Kono said.

“We are increasing our efforts to get many people to know about our daily work, especially for young people,” he said. “I think it is important for the SDF to make itself attractive to such young people, and I think that it is very important to carry out the human resource development process efficiently.”

Felix Kim is a FORUM contributor reporting from Seoul, South Korea.