TOKYO — Japan will introduce the strictest screening standards to date for defense contractors, going as far as checking which country a worker studied abroad in, to prevent sensitive information from falling into foreign hands, in line with U.S. calls to address potential risks to national security.
The Ministry of Defense will require bidding companies to disclose their ownership stakes and data safeguards, as well as the nationality and career background of the personnel involved in the deal. The stringent standards aim to prevent data leaks to such countries as China. Cyberattacks have heightened the potential for such breaches, and defense contractors are increasingly at risk of infiltration.
Pitted in a trade war with China, the U.S. has urged allied countries to address risks to national security from procurement contracts. Japan, which is developing defense equipment with the U.S., also faces the risk of a disruption in such initiatives if they fail to adopt these measures.
In a recent case, a company suspected of strong ties with the Chinese government was found to be involved in a project to develop Japan’s next-generation fighter jet. The Defense Ministry canceled a research contract it had signed with the company.
Japan is considering developing the jet with other countries. Given that sensitive information would be shared with partner countries, the ministry saw the need for more stringent safeguards.
The screening process will cover such areas as a contractor’s financial condition, employees and cybersecurity. The companies will be required to disclose their capital ties, a list of clients and the backgrounds of all involved personnel, including their nationality, work history and education, which would also cover time spent studying abroad.
Aside from disqualifying companies with filings that raise a red flag, the Defense Ministry can withdraw an awarded contract if a bidder is found to be a potential risk.
The Defense Ministry currently calls on companies to abide by data security provisions after a contract is awarded. In contrast, European countries and the U.S. scrutinize bidders beforehand.
Defense Ministry procurement data for fiscal 2018 lists 270 transactions, with 2% involving foreign companies. Numerous private-sector companies are handling sensitive defense information, including in such fields as cybersecurity and ballistic missile defense.
A review of the contracts revealed companies with insufficient data security safeguards or inadequate disclosures. Capital ties traced back to China were found in an affiliate that was part of a complex nest of group companies, according to a major consultant’s findings.