Japan is finalizing a plan to conduct a joint exercise with nations including the United States aimed at combatting cyber-attacks as soon as this autumn, The Yomiuri Shimbun has learned.
This would be the first such multilateral exercise orchestrated by the government and appears to have been designed with an eye on China, which has been flexing its muscles in the cyber sector.
The joint cyber drill will be premised on a situation in which important infrastructure such as power generation and communication facilities are simultaneously affected in the targeted nations.
About 10 countries are likely to participate, including the United States, Britain, France, Australia and Israel. The government has previously held discussions on cybersecurity countermeasures with most of these nations. Japan’s National center of Incident readiness and Strategy for Cybersecurity (NISC) will participate in the exercise.
According to sources, the government initially planned to invite participants to Tokyo for the cyber drill, but it is now considering switching to a videoconference format due to the spread of the novel coronavirus.
During the exercise, participants will closely work together to grasp the extent of damage inflicted, pinpoint and analyze the perpetrator, and confirm procedures to get affected facilities operating again. Each nation in this simulation exercise will have officials assigned to roles including information control manager, liaison with electricity and gas utilities and other entities, and coordinator with other nations.
The government has considered multilateral exercises to be increasingly important because information technology equipment and software supply chains have expanded around the world and cyber-attacks have become more sophisticated and cover increasingly wider areas. If a malicious actor were to embed an opening for a cyber-attack in IT equipment or software during the manufacturing or delivery phase, the damage caused by such an attack could be global in scale.
In the spring of 2019, it was revealed that Asus personal computers made by major Taiwan-based computer company Asustek Computer Inc. had been targeted in a cyber-attack. Hackers compromised the company’s automatic software update system. It is believed more than 1 million computer users in Taiwan and elsewhere were affected.
The government believes leading this cyber drill will enable each participating country to share information about cybersecurity measures, such as details about the latest computer viruses and regulations adopted for IT equipment and software, the sources said.
There are mounting concerns over the threat China presents in the cyber sector. In addition, Chinese high-tech firms are strengthening their presence in supply chains. The United States has warned about technology leaks due to cyber-attacks and other methods, and has cited security concerns as a reason for excluding products made by Chinese companies such as Huawei Technology Co.