As one of the new theaters of warfare, cyberspace has become ever more important. The Yomiuri Shimbun recently interviewed Motohiro Tsuchiya, dean of the Faculty of Policy Management at Keio University and an expert of cybersecurity and international relations, as to what he considers the characteristics of cyberspace.
Motohiro Tsuchiya: Be it land, sea, air, or outer space, they are all in natural domains. But cyberspace is solely in an artificial domain, which assumes a role of a brain and nervous system — it includes all these and links up each of the domains.
An artificial satellite communicates with locations on the ground, using cyberspace, and without this, the Global Positioning System (GPS), which grasps the locations of tanks, a fleet, and aircraft, will not function. The things that operate military systems with the use of cyber systems are now in very vulnerable situations, with cyber-attacks against them increasing.
Yomiuri Shimbun: What do you think of the movements of the United States and China?
Tsuchiya: In response to the electoral intervention by Russia’s cyber-attacks in the 2016 presidential elections, the United States has heightened its vigilance. In 2018, the country compiled the National Cyber Strategy advocating a concept of “defend forward.” It is intended to infiltrate an adversary’s information network system in ordinary times, monitor it and wreck it once the adversary launches a cyber-attack on the United States.
In the midterm elections held afterward, the United States reportedly started cyber-attacks on a Russian company that circulated fake information during the 2016 presidential elections, cutting off the company’s communications network. “Warfare without declaration of war” has been underway behind the scenes, and at present the issue of how to fend off cyber-attacks during the 2020 presidential elections has become the top priority.
The turning point for China was the Edward Snowden leaks (see below) in 2013 in which information about U.S. surveillance operations of the National Security Agency (NSA) was leaked. Having heightened its sense of alarm over the overwhelming surveillance capability of the United States, China accelerated all at once the reinforcement of its cyber capability so as to be able to do everything that was described in Snowden’s documents.
■Legal arrangements to enable response
Yomiuri Shimbun: Can the Self-Defense Forces deal with cyber-attacks?
Tsuchiya: The SDF are short of budget, staffing and capabilities. The Cyber Defense Group has about 220 personnel at present. It is orders of magnitude smaller than those in the United States, China and North Korea. Even in improving their preparedness, both the Maritime and Air Self-Defense Forces cannot afford to spare personnel due to their tasks related to the Senkaku Islands in Okinawa Prefecture, for instance. It is the Ground Self-Defense Force that should drastically allocate its personnel and budget to the sphere of cybersecurity.
Japan advocates “proactive cyber defense,” and in the National Defense Program Guidelines, adopted in 2018, it has been made clear that the SDF would own the “capabilities of blocking” cyber-attacks made by adversaries. But unless a defense mobilization order or a public security mobilization order is issued, the SDF cannot take any actions.
In ordinary times, they cannot infiltrate the server of what is reckoned to be the attack source, due to the “secrecy of communication” as protected by the Constitution and the restrictions imposed by the Telecommunications Business Law. They have to search for the attacker only after the mobilization order is issued, but there is no way for them to identify the attacker instantaneously. The proactive cyber defense is right in spirit, but there are plenty of challenges in reality.
Even if critical infrastructure comes under a cyber-attack, the SDF would, probably, never be mobilized. The system is such that in response to a report from a business operator under such an attack, a government ministry or agency with responsibility will share that information with the National center of Incident readiness and Strategy for Cybersecurity (NISC). Unlike in the United States, a governmental organization cannot conduct surveillance directly. Legal arrangements should be considered, which would limit certain operators of critical infrastructure and enable the sharing of information with the government.
Yomiuri Shimbun: What does the United States expect of Japan?
Tsuchiya: Sorry to say, but the difference in capabilities in the domain of cyberspace is so large between the two countries that the current situation is such that the Japan-U.S. alliance can hardly be said to be at work. As the U.S. military is saying that it wants to support Japan in the domain of cyberspace, it is important for Japan to enhance its capabilities.
Worrisome in the sphere of cyberspace is the fact that there are many countries on the Eurasian Continent, such as Russia, China, North Korea and Iran, which are actively operating in that sphere.
The United States has a framework of sharing information with the Five Eyes, an intelligence alliance with the United Kingdom, Canada, Australia and New Zealand. As its Atlantic partner, it has Britain. The United States expects Japan to become a Pacific partner. Also, in forming an international coalition of partners in the domain of cyberspace, the roles to be played by Japan will be great.
■Tsuchiya, 50, earned a Ph.D. in media and governance from Keio University. Having served as a visiting scholar at the East-West Center of the United States, among other positions, he came to assume his current post. As a member of the Council on Security and Defense Capabilities, which the government established in 2018, he was involved in the compilation of the National Defense Program Guidelines.
■Edward Snowden leaks: From June 2013, Snowden, a former employee of the Central Intelligence Agency (CIA), leaked a succession of classified information on surveillance operations of the National Security Agency. The NSA was said to have infiltrated the communication cables linking data centers that U.S. companies own overseas and collected data such as emails, voice calls and video files exchanged by individuals. Snowden is currently wanted by the United States.