(Nikkei: February 1, 2015 – p. 4)
By Taito Kurose
The government is accelerating steps to strengthen countermeasures against increasingly serious cyber attacks. It has set up a new control tower in the government led by the National Information Security Center (NISC) and is promoting dialogue with other countries on cybersecurity. There have recently been a number of cyber attacks involving several countries, such as the attack on Sony Pictures in the U.S. Will it be possible to protect Japan in the borderless cyberspace?
The extremist “Islamic State” used audiovisual postings on the Internet to issue its statements in the hostage taking of Kenji Goto in late January. While the National Police Agency (NPA) was responsible for analyzing the images, NISC experts were also involved with the analysis of the originator and other aspects of these postings.
Cyber crimes have become increasingly international in nature and the threat of cyber attacks has also increased. The U.S. has identified North Korea as the culprit for the cyber attacks on Sony Pictures. In FY2013, there were about 5.08 million cases of unauthorized access to Japanese government computer systems, representing a sevenfold increase from around 660,000 in FY2011, and 97% of these attacks are reckoned to have originated from foreign countries. With Japan hosting the Olympic and Paralympic Games in 2020, it has become an even more likely target of attacks.
The government set up a new organization to deal with cyber attacks on Jan. 9. The Strategic Headquarters for Cybersecurity headed by Chief Cabinet Secretary Yoshihide Suga was created, with the NISC serving as its secretariat. NISC coordinates with other government agencies and its personnel came from the Ministry of Internal Affairs and Communications, the Ministry of Economy, Trade and Industry (METI), the NPA, the Ministry of Defense, and other offices. The team responsible for analyzing the originator of the messages in the hostage incident was also from the NISC.
The NISC also has among its ranks counsellors and other officials from the Ministry of Foreign Affairs, who are engaged in discussions with foreign countries, in addition to coordination with other government agencies.
All ministries are required to submit data to the NISC whenever they experience cyber attacks. The Center also cooperates with METI and other offices to help build cybersecurity systems for private companies.
Adequate response to cyber attacks across national borders is not possible with domestic systems alone. A senior NISC official notes that, “Cyber defense is not possible by one country alone. It is particularly important to make vigorous efforts to strengthen international cooperation.”
The government will engage Australia in cybersecurity talks shortly. It will also participate in a multilateral conference in the Netherlands in April. So far, it has also set up talks with the U.S., the UK, France, Israel, and other countries. Cybersecurity was also discussed at the Japan-China-ROK talks last October.
These talks with other countries consist not only of an exchange of views on cyber strategy but also discussions on strengthening collaboration among investigation authorities on cyber crimes and cooperation in technology for tracing sources of attack, and so forth. International rule-making for the cyberspace is also important. Dialogues dispel mutual distrust when dealing with cyber incidents.
Japan is building its defenses in cyberspace. However, it has also been pointed out that there are limits to what it can do. One issue is the legal obstacle. It will be difficult to counterattack even if the source of attack can be identified.
The government’s position is that “it is possible to invoke the right to self-defense if cyber attacks constitute a component of an armed attack.” The longstanding constitutional interpretation is that Japan can exercise minimum required force when subject to an imminent and unlawful threat, i.e. an armed attack.
However, it is unclear what sort of damages from cyber attacks will be considered part of an armed attack. Will the “exercise of minimum required force” consist only of counterattacks in the cyberspace? Will Japan exercise the right to collective self-defense if its ally, the U.S. is attacked in the cyberspace? There are many unresolved issues and the government says it will “consider them in line with the discussions going on in the international community.” (Slightly abridged)