RYOMA KASHIWAGI, Nikkei staff writer
TOKYO — Japan will establish a centralized police unit as early as fiscal 2022 to investigate serious cybercrimes, following the lead of countries taking a national-first approach to serious threats.
The National Police Agency looks to set up a response team for probes as well as a bureau to direct and oversee these efforts, with a total of about 400 personnel. The national authorities — who usually do not handle primary investigations themselves — will focus on incidents that cause widespread damage, such as those targeting major infrastructure, as well as facilitate cooperation with other countries.
The reorganization reflects growing alarm over incidents like the ransomware attack that shut down a major U.S. fuel pipeline in May. The American arm of Brazilian meat supplier JBS paid hackers the equivalent of $11 million after a similar attack took plants offline.
With attacks believed to involve such state actors as China and Russia on the rise, European and North American governments are having national authorities take the lead in their response.
In the U.S., the FBI is striking back with help from cutting-edge technology. The bureau recovered much of the cryptocurrency paid as ransom in the pipeline attack.
The U.K., which originally tasked local police with investigating cybercrime, brought it under the umbrella of the National Crime Agency, established in 2013.
Cross-border cooperation is also on the rise. Authorities in eight countries, coordinated by Europol, the European Union’s law enforcement agency, in January identified the group responsible for spreading Emotet — malware that spread to more than 200 countries over several years — and said they had taken control of its infrastructure.
The EU plans to launch a unit in 2022 for member countries to coordinate joint responses to cybersecurity threats.
Setting up a national-level investigation team would make it easier for Japan to participate in international operations. But Japanese authorities could be hindered by a lack of powers that counterparts elsewhere use to combat cyberattacks more effectively.
The FBI and German authorities can launch attacks against cybercriminals to gather information to determine their identities. During the Emotet investigation, the Netherlands’ National Police hacked into perpetrators’ systems to disrupt the malware.
Japanese law does not allow for police here to take similar steps. “It could be a tool to expose attackers that use anonymous communications as cover,” said Ko Shikata, a Chuo University professor specializing in criminal justice, criminology and public safety policy. “Confidentiality needs to be taken into consideration, but they should discuss implementing new methods.”
Talent is another issue. Japan’s law enforcement authorities have fewer than 2,000 people in total specializing in cybercrime investigations. Plans for the new national team call for bringing in investigators with technical expertise from forces across the country, but local authorities have expressed concern that they will end up short-handed. Training new staff and partnering with the private sector will be a must.
Toshio Nawa of the Cyber Defense Institute stressed the importance of a unified command structure for investigations. “The National Police Agency should assign strong talent appropriately, and mobilize them as an effective investigation agency as soon as possible,” he said.
The national authorities are also taking the lead on this front in the Ministry of Defense. The ministry will set up a specialized cyber defense corps in 2022 with experts from across the Self-Defense Forces to respond to attacks on SDF networks.