Are preparations at Japanese companies to cope with cyber-attacks thoroughgoing? This latest development is a problem that may arouse such concerns.
It has come to light that Mitsubishi Electric Corp., a leading electronics maker, was hit by a cyber-attack. The personal data of employees and top-secret corporate information may have been leaked, the company said.
Computers at the company were infected with a virus. The company appears to have experienced a massive cyber-attack by a Chinese-affiliated hacker group. The possibility has also emerged that the attack targeted Mitsubishi Electric, rather than a large unspecified number of companies.
How was such unauthorized access to the company’s computers made and how did the virus spread through its internal networks? Were there any problems with the company’s management of its computer systems? Thorough elucidation of the incident is called for.
Mitsubishi Electric deals with the manufacturing of not only electric appliances but also radar equipment for the Defense Ministry and the Self-Defense Forces, and Japan Aerospace Exploration Agency satellites. The company also develops nuclear power plant systems and deals with railway companies.
Mitsubishi Electric said that sensitive information on defense, electricity, railways and other sector operations was not leaked. But there is no denying that information related to these key infrastructure systems was targeted. Should such information be leaked, it would have serious repercussions for public safety and national security.
This year is of particular importance as Japan will host the Tokyo Olympic and Paralympic Games. Considering the growing risk of the country coming under cyber-attacks, this problem should not be made light of.
With regards to cases involving companies, Mitsubishi Heavy Industries, Ltd. and others in the defense industry were hit by cyber-attacks in 2011. The virus that was found was a dangerous one that made it possible for a computer to be manipulated from the outside and information to be leaked.
Afterward, there was a heightened sense of crisis among companies. The Mitsubishi Electric Group was taking countermeasures by, for instance, installing various devices for cybersecurity at connection points between the internet and its internal computer networks.
Mitsubishi Electric has also provided other companies with services to counter cyber-attacks by building a system designed to stem the damage from such an attack. If an outside entity has carried out a cyber-attack that breaks through the defenses of a company with advanced cyber technology, it can be considered a serious situation.
The government’s National Center of Incident Readiness and Strategy for Cybersecurity has been putting together information held by government ministries and agencies. Yet there are many companies that are negative about reporting any damage from cyber-attacks to the relevant authorities. Doubts remain as to whether the sharing of relevant information is being carried out smoothly.
It was June last year when Mitsubishi Electric detected this latest virus infection on a device at the company. It must not be forgotten that the prompt sharing of relevant information between the ministries and agencies concerned and the companies is crucial to preventing damage from spreading.
— This article appeared in the print version of The Yomiuri Shimbun on Jan. 21, 2020.