After a long discussion with Ito san recently, this is a priority for Japan. Here is an ancient story by instant media standards on some issues that are strategically important.
All posts in category Cybersecurity
Catching up again
Posted by japanspace on May 8, 2013
https://japanspace.wordpress.com/2013/05/08/catching-up-again/
JSP Catchup #9: In Asia, C4ISR Market Is Growing
Ahem, just after writing JSP Catchup #8, I have to issue a mea culpa as colleague Wendell Minnick asked me to contribute from Japan, resulting in us looking at the UAV issue in In Asia, C4ISR Market Is Growing, which is easier to link to without copy and pasting the Defense News version in the paper. But, here is how it looks on the web!
Posted by japanspace on November 19, 2012
https://japanspace.wordpress.com/2012/11/19/jsp-catchup-9-in-asia-c4isr-market-is-growing/
JSP Catchup #8: Japan To Boost Missile Warning, Other Surveillance Efforts
Here is a story that Space News asked me to write for their Military Space Quarterly, so it gave me a chance to write a little bit about the militarization of Japan’s space development, which is apparently not occurring.
The intriguing thing for me as a media participant and, more recently, as an observer, is why Japan’s development of a UAV program for early warning should suddenly become news.
And, ahem…news.
Well, it’s because the Yomuiri decided it was news, even though the information has been out there since August, when the request for the budget was put out.
This led to the story being printed in the English and then suddenly the WSJ even has an angle.
Perhaps the journalist has figured out that maritime observation was somehow important to the U.S.-Japan Alliance, perhaps as it has been written in as one of the fours priority areas of cooperation. in the U.S.-Japan Security Consultative Committee (2+2) (June 2011).
The funniest story of them all was an AFP hack job on the Yomiuri story which was itself re-sluiced round media slop sites, including a website called Inquirer.net, which quoted the AFP quoting the Yomiuri as saying “The defense ministry has demanded 3 billion yen ($372 million) over the next four years to develop the aircraft, which would come into operation in 2020, the Yomiuri Shimbun reported without citing sources.”
The Yomiuri Shimbun’s source was, as I mentioned, the publicly available MOD budget request, released months before, in color:
The fact that Japan is developing UAVs is old, old news; the fact that it is developing them as an alternative to satellite- based EW was big news- back in August. I wonder why the Yomiuri decided to notice the story months later?
In any case, for space watchers, the interesting point about this why is Japan researching twin Early Warning programs simultaneously?
If you believe in the cock-up theory of history and recognize the stovepiping inherent in any large bureaucracy, then you might call it one hand not knowing what the other is doing.
In this case however, it is more probably the extreme anxiety that the MOD feels about buying Japanese, which is probably based on the fact that the IGS has proved so problematical for Japan. There is a strong sense in the MoD that it can buy better gear, cheaper, with guaranteed compatibility and interoperability in terms of space based EW, so why risk buying from Melco?
Also there are tricky decisions whether to mount EW sensors on the geo-based satellites of QZSS, or develop standalone satellites, or put capability on a future Himawari, among other options on the table. In the meantime, cheap and cheerful UAV-mounted sensors are an option.
I’ll talk about SSA in a later submission, perhaps at the end of the month. If EW looks complicated for Japan, wait till you see what is happening with SSA! Anyway, here is a recent article from Space News.
Posted by japanspace on November 19, 2012
https://japanspace.wordpress.com/2012/11/19/jsp-catchup-8-japan-to-boost-missile-warning-other-surveillance-efforts-2/
JSP Catchup #4: U.S., Japan Strengthen Ties Through Panetta Visit
After a long talk with an old SAIS buddy of mine, we came to the conclusion that China has blown it; Japan will now, following up on its more general security strategy, look to disinvest and take its business away and put it with the growing string of Asian nations who are also pissed at and increasingly concerned with China’s belligerence. Can China control the genie of nationalism it has unleashed? I can see whiplash ahead.
The U.S. will find more common ground with Russia, if it has any sense at all. In any case, in answer to the old fear of abandonment that seems to resurface regularly, the U.S. in no certain terms seems to be showing more of its cards. Thank you, Mr. P!
Posted by japanspace on November 19, 2012
https://japanspace.wordpress.com/2012/11/19/jsp-catchup-4-u-s-japan-strengthen-ties-through-panetta-visit/
JSP Catchup #3: Japan’s Budget Request Targets Capabilities To Defend Sea Lanes
Here is a follow-up from the previous story with a little more analysis, which was published by Defense News on September 14.
Posted by japanspace on November 19, 2012
https://japanspace.wordpress.com/2012/11/19/jsp-blog-catchup-3-japans-budget-request-targets-capabilities-to-defend-sea-lanes/
Chinese hackers stole U.S. F-35 stealth fighter jet details
Here is a report out of London (AGI) about what quite a few of us expected if true; F-35 data has been stolen by Chinese hackers. Here is the story and link.
(AGI) London – Chinese spies hacked into computers of British Aerospace (BAE) stealing details about the US F35 fighter jet.
When pictures of China’s first stealth fighter jet (the J-20) were circulated in late 2010, analysts all over the world were impressed with the progress made by Beijing in terms of aeronautical technology. Today, the Sunday Times reported that Chinese hackers managed to infiltrate computers of Britain’s biggest defence company, British Aerospace, to steal details about the Pentagon’s latest stealth fighter jet, the F35, which is still at the development stage. . .
Actually it is suspected by my Sensei at Keio University G-SEC, Motohiro Tsuchiya, that the partially successful cyberattack on MHI last summer may have also have yielded up some missile defense and nuclear power plant data. As most readers will know, MHI is a key contractor in the U.S.-Japan SM3-Block-IIA development program. Here is the draft of a story I wrote for Space News last November that was killed…
BEGIN TEXT
PAUL KALLENDER-UMEZU, TOKYO
Highly sensitive military data related to a number of space, aerospace and other programs may have been netted by hackers in a cyber-attack on Japan’s largest military contractor, Mitsubishi Heavy Industries (MHI) this August, according to a senior cybersecurity expert here. The attack on MHI is just one part of a amid a wave of increasingly sophisticated assaults targeting top Japanese government institutions and corporations that is prompting a government effort to improve national security that have come to light in recent weeks.
MHI discovered viruses were at 11 locations across Japan, including plants that build missiles, jet fighters, the H-2A and H-2B launch vehicles, submarines and nuclear power reactors meaning that information stolen could include details of the SM-3 Block IIA advanced ballistic missile that is part of a joint research program between Japan and the U.S., according to Motohiro Tsuchiya, a professor at Keio University and member of the Information Security Policy Council, a top-level government cybersecurity advisory body here.
“Yes, it’s possible. The sponsors behind the attack will be trawling the data right now,” Tsuchiya said in a November 5 interview.
The attack came to light in September when it was revealed that 45 servers and 38 PCs had been infected by 8 or more types of viruses after employees had unwittingly opened e-mails containing malware. On October 25, in a statement, MHI conceded data had leaked out of the company’s network after a month saying there was no evidence of such a breach.
Hideo Ikuno, a spokesman for MHI declined, November 9, to comment on the issue, or local media reports that the company has up to 50 types of viruses in its systems.
The situation has angered Japan’s Ministry of Defense, which only found about the issue after the story was leaked to local media. Contractually the MOD should have been informed immediately of any security breach, said ministry spokesman Takaaki Ohno.
“It is very regrettable that MOD was not informed, and we lodged a protest to MHI. We reprimanded MHI severely over the cyber-attack incident, and MHI promised to promptly and steadily deal with an investigation and the prevention of recurrence,” Ohno said, November 9.
Over the past eight weeks Japan has been awash in revelations about cyber attacks on its leading companies and institutions.
IHI Corp. and Kawasaki Heavy Industries, both major space and military contractors here, have confirmed they had also been also been targeted in August in similar attacks to those on MHI. In late October, Chief Cabinet Secretary Osamu Fujimura revealed the Foreign Ministry and some Japanese embassies had been under attack since June. Local media also reported computers and a servers used by three members of Japan’s Lower House had been hacked and passwords and usernames of around 500 staff had been compromised.
Attacks on the MOD have been unsuccessful to date, Ohno said
Tsuchiya said the media reports only represent a tiny fraction of the waves of increasingly sophisticated and subtle attacks that began this January by suspected hackers in China when virus and Trojan laden e-mails sometimes revealing an astonishing ability to plausibly impersonate legitimate communications started hitting Japanese systems. The attacks on Japan followed earlier assaults on the U.S. Government on July 4, 2009 and then South Korea, with attacks on the Blue House and leading South Korea companies by mounted by suspected North Korean hackers, he said.
“The recent tactic has been attacking peripheral institutions with lower security and then getting in behind the lower barriers, for example by attacking think tanks. When this year started, everyone knew something was wrong,” Tsuchiya said.
Recent attacks are causing Japan to bolster its cybersecurity measures, not least the MOD. Ohno said at the Japan-U.S. Defense Ministerial Meeting on October 25, the ministers reaffirmed the significance of Japan-U.S. cyber strategy policy discussion, and decided to share information between defense authorities more closely.
“Information security is extremely important for the MOD that is in charge of this country’s security, and we intend to strengthen our response to cyber-attacks,” Ohno said.
The government will also launch framework that will share information on cyber attacks and discuss defenses among private and public sector participants, said Tsuchiya.
“MHI’s defenses should be very good but there are always holes and weaknesses and the real weakness with the targeted e-mail is the human link,” Tsuchiya said.
END TEXT
Posted by japanspace on March 12, 2012
https://japanspace.wordpress.com/2012/03/12/chinese-hackers-stole-u-s-f-35-stealth-fighter-jet-details/
The Rise of Asia’s Cyber Militias- Reposted from CRF/ Atlantic
Just picked up this – Prof. Motohiro Tsuchiya’s recent AJISS Commentary Patriotic Geeks Wanted to Counter a Cyber Militia reposted on JapanSpacePolicy.com has also attracted the interest of The Atlantic, specifically Adam Segal, senior fellow for counterterrorism and national security studies at the Council on Foreign Relations.
The Rise of Asia’s Cyber Militias
By Adam Segal
Feb 23 2012, 9:25 AM ET China, Japan, and others are developing informal teams of patriotic hackers to defend their nations.
A Chinese internet cafe customer logs on in Changzhi, Shanxi province / Reuters
MORE FROM THE COUNCIL ON FOREIGN RELATIONS
When people warn of growing cyber insecurity they are often referring to the threat of an arms race, countries trying to outdo each other in the development of offensive weapons and defensive technologies. This is certainly a real risk, but the greater threat to Asian regional stability may not be from technology, but the spread of an organizational framework.
Keio professor Motohiro Tsuchiya has written a commentary (h/t David Wolf) suggesting that Japan needs to establish a cyber militia in order to defend itself from attacks. Offense will always have the upper hand over defense, Tsuchiya argues, so the government will always struggle to keep up. The majority of expertise is in the private sector, and government salaries will never be competitive enough to attract and retain the talent needed. What can Japan do but appeal to patriotism? “Success hinges on whether the government can secure patriotic geeks.”
There has been similar discussion in India. In November 2011, Information Technology Minister Kapil Sibal called for a community of ethical hackers to help defend Indian networks since “the resource pool of them is very limited in the world.” India has also reportedly been considering using patriotic hackers for offensive operations. The Times of India reported a high level meeting in August 2010–chaired by National Security Adviser Shiv Shankar Menon and attended by the director of Intelligence Bureau as well as senior officials of the telecom department and IT ministry–that considered recruiting and providing legal protection to hackers who would be used to attack the computers of hostile nations. During a visit that October, several security experts in Delhi told me that NTRO officials were soliciting hackers on websites and electronic bulletin boards.
China, of course, is widely suspected of using patriotic hackers and cyber militias for defense and offense. According to the Financial Times, Nanhao Group, a web company outside of Beijing, has departments tasked for attacks and defense, and this Chinese report mentions cyber militias in Tianjin’s Hexi District. Recent intelligence leaks and private security reports about cyber espionage suggest that the Chinese government backs or directs the majority of espionage attacks on Western and Japanese technology companies, with hackers clocking in and out between 9am and 5pm Chinese time.
The talent concern is real, but addressing the problem through cyber militias would be profoundly destabilizing for the region. Militia members may one day walk out the door and not only use their skill and knowledge against other states without authorization, but may also turn them back on home networks. Military planners would also have to worry, especially during a crisis, that militias might ignore orders or target off-limit networks, increasing the risk of escalation and decreasing ability to signal intent to the adversary.
The plausible deniability of patriotic hackers is one of their biggest selling points; states can claim they know nothing about attacks and can do little to stop them. Technological changes that make attribution easier, or other forms of intelligence that have the same impact, would do a great deal to make cyber militias less attractive to policymakers. In the short term, if regional leaders are not going to fight the urge to mobilize their own militias, they at least need to ensure that they know who they should be talking to on the other side if a crisis breaks out and they must be able establish clear lines of communication. In the longer term, ASEAN or other regional groupings would be wise to promote a norm of state responsibility for cyberattacks emanating from within a country’s borders. As the Atlantic Council’s Jason Healey argues, developing this norm will involve state-to-state negotiations and capacity building as well as diplomatic, economic, intelligence, and, possibly, military responses.
Patriotic geeks might be the answer to a lot of policy challenges. But in terms of cybersecurity, it may be best to either bring them completely into the fold, or keep them at arms length.
This article originally appeared at CFR.org, an Atlantic partner site.
Posted by japanspace on March 9, 2012
https://japanspace.wordpress.com/2012/03/09/the-rise-of-asias-cyber-militias-reposted-from-the-atlantic/
Patriotic Geeks Wanted to Counter a Cyber Militia
Here is a piece by my academic adviser, Prof. Motohiro Tsuchiya on AJISS recently.
Motohiro Tsuchiya
17 February 2012
Cyber-attacks are hitting the headlines almost every day. Crackers, or black hat hackers, are trying to access sensitive defense industry information and stealing e-mail passwords from Diet members, threatening to disrupt key communications infrastructure. The “attacks,” however, have killed no one, at least here in Japan. Probably few have died directly from them around the globe either. Very few who have planned and executed the attacks have been arrested so far.
China and Russia often appear on the usual suspect list. However, there is no evidence showing that the attacks are state-sponsored. The two countries claim that they are also victims. Given the current state of technology, it is extremely difficult to pin down the attackers.
Of course, this does not mean that there are no state-run or state-sponsored cyber-attacks, let alone that such attacks can be ruled out in future. However, the truth is that the overwhelming majority of cyber-attacks are currently planned and executed by private militias and mercenaries. Although the United States and other countries have started to create special cyber-units within their military forces, militaries and governments on the whole have only a limited number of experts who are familiar with the technologies used in cyber-attacks and security holes. Because such advanced technology and skills bring good prices in the private sector, no one but ardent patriots would choose to work for the government.
The actors executing cyber-attacks can be divided into three categories. The first is young people with plenty of idle time on their hands. They join in attacks for fun by utilizing tools at such places like Internet cafes. The second is those who engage in espionage seeking intelligence for profit. The third is experts in the military sector who conduct test attacks in preparation for future cyber war and try to find security holes. They may carry out attacks themselves but may additionally hire attackers from outside.
Japan was one of the first countries to introduce cyber security measures, having set up the National Information Security Center (NISC) under the Cabinet Secretariat in 2005. The initial concerns were primarily technical issues, exhibiting little awareness that cyber security has to do with national security and crisis management. However, since major cyber-attacks were carried out against the US and South Korea in July 2009, Japan has been making preparations on the assumption that it could be the next target. The government drew up a special national plan titled “Information Security Strategy to Protect Japanese Nationals” in May 2010.
The real challenge of such a strategy is whether the government can secure good experts to counter militias and mercenaries. The rewards that the government can offer would be too small for competent geeks. Even if the government succeeds in employing them, it would be vulnerable unless it keeps them committed long enough – think about the risk of them being hired by adversary forces after their stint in the government! Success hinges on whether the government can secure patriotic geeks.
The attacker has the upper hand in cyber war. The defender must be prepared for an attack that could come from anywhere, at any moment. There are even cases in which defenders are not aware that they are under attack. Unless the government secures experts who can detect a cyber-attack at an early stage and take effective measures, national defense will be rendered fragile. In an era of increasingly high-tech weapons, damage to communication facilities can be fatal to defense operations. Fostering and securing cyber-experts to defend the national nerve system is urgently needed.
Motohiro Tsuchiya is a professor at the Graduate School of Media and Governance and Deputy Director of the Global Security Research Institute (G-SEC) at Keio University.
Posted by japanspace on March 7, 2012
https://japanspace.wordpress.com/2012/03/07/patriotic-geeks-wanted-to-counter-a-cyber-militia/
Japan Space Policy 