Chapter 6

Cyberspace in Japan’s New Defense Strategy ¹

,

 

 

 

Since the end of the Second World War, Japan’s policies on security and defense have progressively evolved, while still being based on the restrictive principles of the 1947 Constitution. Japan’s accession to the rank of global economic power in the 1970s, the end of the Cold War, the first Gulf War and the aftermath of 9/11 were all milestones that offered Japan the opportunity to re-examine the fine points of its alliance with the United States (US), its role in the security of the Asia-Pacific region, and its involvement in military operations abroad.

While the international environment poses new challenges for the country’s security (the pressure exerted by the growing Chinese military; the threat from North Korea; and the weakening of the US hegemony), Japan has very recently experienced a significant political change, with the rise to power of the DPJ (Democratic Party of Japan) in August 2009. The new government soon advanced a new strategy for defense, redefining its priorities. One of the characteristics of this evolution lies in the inclusion of the ‘cyberspace’ dimension in Japan’s defense strategies and military doctrines from 2010 onwards. This chapter aims to add to the debate on the directions Japan’s defense policies are taking, focusing on the contribution of the cybernetic dimension to the defense strategy. We shall examine the extent to which the treatment of cyberspace constitutes a major evolution in defense policy: does cyberspace call into question the way in which security and national defense should be viewed?

6.1. Japan’s defense policy

Japan’s defense policy is often explained by the yardstick of two theoretical approaches: realist and constructivist [GRE 11]. When Japan published the National Defense Program Guideline (NDPG) in 1976, it was a case of the school of the realist theory – a power that is militarizing. However, this militarization is not optimal and is weak, even in relation to the country’s economic resources [KAW 01]. It is therefore reasonable to wonder about the reasons for this imbalance. For the constructivists, the reasons for the State’s stance on the international scene are internal (the legal, normative, and social contexts). Thus, the institutions, social norms (anti-militaristic sentiment deeply anchored in society and the State machinery), and the Constitution render the emergence of a militarily strong Japan impossible [BER 98, KAT 96]. In the realists’ view, this imbalance has its origins in the Nippo-American alliance, with Japan relying on the US for protection from external military threats, and therefore concentrating on its economic development [KAW 01].

For the neo-realists, the reason lies in Japan’s desire to reduce the intensity of the security dilemma in the region [ATA 10]. To this end, Japan maintains its alliance with the US and retains a modest military arsenal, so as not to send a strong negative signal to the other countries in the region [KAW 01]. Japan is essentially betting on the dissuasive power of the alliance with the US, making it unlikely that a military campaign will be waged against it. Its military weakness is relative, however, as Japan has once again become a military power [LIN 03], with numerous pressures having driven the country to go beyond the limits initially imposed by the 1947 Constitution [WAN 08]:

– the US’ desire to make Japan a strong ally in the region;

– China’s growing military might;

– the rise of Japanese nationalism, inciting the country to strengthen the defense of its sovereignty;

– Japan’s desire to make its presence felt as a military actor and no longer merely as an economic or diplomatic player (international contribution).

Japan’s strategic choices are constrained by the posture of the States in the region. China’s sending of destroyers into the Gulf of Aden in Somalian waters in December 2008 confirmed that it has ambitions to project its forces far beyond its borders, to secure its own interests. In fact, China could threaten Japan [HUG 09] and destabilize the region, which justifies Japan’s remilitarization. However, the realists’ and constructivists’ views on Japanese defense complement one another rather than being mutually exclusive [DES 98]. While civil society appeared hostile to the militarization of the country, it has come to be in favor of an affirmation of Japan’s role on the international stage, and its restoration to the status of a ‘normal’ country, ‘like any other’, thus supporting a new phase of militarization that is crucial to that position (thereby rejoining the principles of realism) [HUG 04, PYL 07].

Since the mid-1970s, consideration of the security dilemma and the economic stakes (i.e. how to remain an economic power) has characterized Japan’s posture in terms of defense [KAW 01]. For instance, this results in the need for Japan to maintain its economic relations with China, in order to maintain its economic prosperity; and the need to monitor China’s growing military power [CHE 11]. Security in the region is essentially guided by a logical balance between powers and not of regional integration [ATA 10].

At the end of the Second World War, the international community wished to impose conditions on Japan such that it would never again be able to become a threat to peace. To this end, its capability and any vague notion of waging war had to be completely obliterated. Restrictive principles were written into the 1947 Constitution. In 1950, the American troops stationed in Japan were deployed to Korea, forcing Japan to build up its own forces to ensure its defense (creating the National Police Reserve). The peace treaty signed in 1951, known as the Treaty of San Francisco, was a bilateral security agreement, formalizing a Nippo-American alliance, which was considered essential to Japan’s security at the time. In the context of its alliance with the US, Japan has continuously been providing assistance ever since, particularly in the war efforts in Korea and Vietnam; then in the war on terror by deploying its naval forces in the Indian Ocean (November 2001) to provide logistical support to the American troops engaged in Operation Enduring Freedom; and later in Iraq and Kuwait, in reconstruction missions. The principles of Japan’s defense were set out in the Basic Policies for National Defense in May 1957, which laid the foundations for the formation of the Self Defense Forces (SDF). Its military capabilities were expanded at the occasion of subsequent plans (1962, then 1967).

Up until the mid-1970s, Japan depended almost entirely on the US for protection. Then Japan reformulated its defense strategy. A military doctrine, the National Defense Program Guidelines (NDPG) was published in 1976 during the Cold War. In 1989 the cards had to be re-dealt, with the common enemy – the Soviet Union – disappearing. New challenges appeared: the North Korean threat and the emergence of China as a power. In 1992 the Japanese government passed a law authorizing the deployment of its national forces for peacekeeping operations.

This change was due to Japan’s desire to contribute to international security, and also a way of getting around the limitations of the Constitution (which forbade the redeployment of Japanese troops abroad). This contribution was and still is significant, because it enabled Japan to exert military influence on the international stage, rather than just having economic or diplomatic sway. The NDPG was updated in 1995 (New National Defense Program Guideline); a new version was published in 2004, and the latest incarnation was published on December 17, 2010, with the title National Defense Program Guideline for FY¹ 2011 and Beyond. During the 2001–2006 period (under Junichiro Koizumi’s government), Japan still firmly supported the US in its role to guarantee security in the Asia-Pacific region. Prime Minister Abe Shinzo’s government resolutely subscribed to the strategy of reinforcing links with the US, as well as with NATO, Australia and India, with the implicit intention of counteracting China’s rise [HUG 09]. Japan and the US perceived a common threat (from China and North Korea) and shared their beliefs as to what means should be used to respond to security threats [ATA 10].

Nippo-American cooperation in terms of defense was reinforced, with the American-designed program to install anti-missile systems between 2003 and 2007, which heightened the security dilemma in the region. This strengthening of links had the result of worsening Sino-Japanese relations, with Beijing viewing Japan as a spy for the US, and the Nippo-American alliance as a common enterprise intended to halt the growth of Chinese power in the region [ATA 10, HUG 09]. Although it was in line with that of the US, this Japanese international policy was also interpreted as a bid for a certain degree of independence, Japan aspiring to establish and consolidate a national identity on the international scene [GRE 01].

During the course of its evolution, the priorities of Japan’s defense policy have been constantly changing. The 2003 White Paper on Defense deemed it necessary to concentrate efforts on the struggle against terrorism and ballistic missiles, and to adjust the budgets to these priorities – budgets that had thus far been aimed at defending against invasions, which had become an unlikely eventuality in any case because of the alliance with the US. In 2004, the new military doctrine (the NDPG)² was aimed at giving Japan the opportunity to contribute to international, rather than merely regional, security. On January 9, 2007, the Japan Defense Agency became the Ministry of Defense, although this did not mark a genuinely new departure in Japan’s defense policy [WAN 08]. In 2008, in response to North Korea’s launch of a missile two years earlier, Fukuda Yasuo’s government passed a law authorizing Japan to use space for defensive means, and thus to launch missile detection satellites.

The political change of 2009 (with the DPJ entering office) marked a turning point in Japan’s security policy. Hatoyama’s government put an end to the presence of Japanese naval forces in the Indian Ocean, was reticent to involve the SDF in forceful operations and recalibrated the defense strategy towards protecting the national territory, reinforcing the antimissile defense program, commissioning the construction of new submarines, strengthening the defense of the Japanese islands in the south-west of the archipelago and increasing the capacities of the units deployed in Okinawa.

Japan’s defense policy is greatly constrained by its regional environment, pressure from China whose military strategy is deemed to be opaque³, and from North Korea, which has held a provocative stance since the 1990s. Sino-Japanese relations have improved since 2007, both in political and military terms. Prime Minister Fukuda made Japan’s diplomacy in Asia a priority, and chose to strengthen links with China. This policy of reinforcing partnerships in the region also characterized the diplomacy of Prime Minister Hatoyama’s government. However, despite the warming of relations, China is regularly identified as the source of cyber-attacks suffered by Japan in recent years.

The military doctrine evolved in terms of its priorities, particularly as regards the type of attacks Japan must be prepared for. The NDPG in 2011 abandoned the distinction between peacetime and wartime, estimating that threats will come from new forms of actions that are not necessarily related to wars or to major combats (e.g. China’s invasion of Mischief Reef in 1995, placing the Philippines in a situation that could not be reversed without the danger of a significant conflict). In order to dissuade potential aggressors, Japan proposed to restructure the SDF, replacing the concept of basic defense capability with that of dynamic defense, placing the forces of the SDF on a permanent state of alert, with capacity for immediate intervention, and therefore more mobile and reactive forces. It is into this context of evolution of the security policy that the ‘cyberspace’ dimension is introduced.

6.2. Cyberspace in Japan’s defense strategy

6.2.1. The context

6.2.1.1. Cyberspace and Japan

According to the questions raised at a conference held in Tokyo in 2010 [AIZ 10], Japan, by its isolated nature, would have difficulty finding its place in a globalized, multicultural, multilingual space, and therefore in cyberspace. The topology of the World Wide Web is US-centered. Networks run from Europe to the US via the Atlantic and from Asia to the US via cables in the Pacific Ocean, but there is no direct link between Asia and Europe. Thus, like Asia, Japan is primarily connected to the US. Cyberspace is American-centered. Japan, which has long been a second world power, and has always had a moderate presence in cyberspace. In particular, this is for linguistic reasons, with the Japanese language being rarely found on the Web – a phenomenon that is currently increasing with the accession of a great many countries to the world of networks and communications. Having been centered in America, the center of gravity for cyberspace is gradually shifting towards China, condemning Japan to continue to play a small part. The Chinese market is so attractive, so powerful, that today the international community sometimes bows to China’s wishes and constraints: the International Telecommunications Union has adjusted its standards to China [AIZ 10].

The Internet was introduced into Japan in the mid-1980s, in the form of the experimental network JUNET, which initially linked Tokyo’s three universities to Usenet in the US [AIZ 98]. The development of the Internet in Japan is not limited purely to the military domain. Japan, a country that inspires science fiction writers (part of the action in W. Gibson’s novel Neuromancer, which was published in 1984 and introduces the term ‘cyberspace’, takes place in Japan [GIB 84]), is not, however, one of the most dynamic when it comes to the development of this technology. The Internet’s introduction into society took place relatively slowly: in 1999, only 25% of Japanese people owned a personal computer; only 20% of the population had access to a low-throughput and high-cost Internet [HAY 11]. In 2003 the situation had already evolved quickly, as 40% of the population had access to high-capacity Internet. This can be explained by the entry of the NTT (Nippon Telegraph and Telephone Corporation) operator into the arena. Today, Japan has the fastest Internet connections, benefiting from more up-to-date fiber-optic infrastructures or copper networks than in other countries, particularly the US. In 2011, the Japanese population stood at 126 million, including 101 million Internet users, equating to an Internet penetration rate of 80%, and 10% of users in the Asiatic region (for a population that only represents 3.2% of the region).

Japan, along with South Korea (which had an Internet penetration rate of 82.7% in 2011), Singapore (77%), Taiwan (70%) and Hong Kong (67%), is one of the countries most open to the Internet in the Asiatic region. With 200,147,823 Internet protocol (IP) addresses counted at the beginning of 2012⁴, Japan is 4th in the world, behind the US, China and the UK, out of a total of 246 countries (5.7% of the worldwide total). The .jp domain is used by 2.1% of sites in the world – even more than .cn, which only totals 1.6%⁵.

The cell telephone penetration rate was 95% in 2010 (compared to 64% in China, 105% in South Korea, 119% in Taiwan, 145% in Singapore and 195% in Hong Kong)⁶, which is only slightly higher than the global average of 90%.

6.2.1.2. Japan as a victim of cyber-attacks

In July 2010, the company SecureWorks published the results of its investigations aimed at defining the countries most vulnerable to online cyber-attacks.⁷ It emerged from this study (which classifies 16 countries) that Japan suffers a lower-than-average threat: 214 attempts at cyber-attacks per 1,000 machines (21.4%); when the average is 62.54%.

The recent, well-publicized cyber-attacks highlight that Japan, for many reasons, is a prime target for cyber-aggressors the world over:

– it is a high-tech country (and therefore its computers contain top-drawer technological, scientific and industrial secrets);

– it is a global economic power (altering its cyberspace would disrupt the function of that power);

– it is an ally of the US (itself the main international target of cyber-attacks);

– its networks are certainly no better protected than those of other nations; and

– it has economic and political adversaries who may resort to cyberspace to exert pressure upon it (China, North Korea, economic rivals, etc.).

Between 2000 and 2010, large enterprises and government agencies suffered multiple attacks and security incidents (losses and thefts of sensitive data):

– in 2006, NTT and KDDI lost nearly 6 million clients’ data;

– also in 2006, confidential information was stolen from the computer of an officer in charge of communications on the destroyer Asayuki and distributed via peer-to-peer (P2P) platforms;

– confidential data (passwords to access secure areas) were revealed via the Internet from the machine of a subcontractor (Mitsui) at the Misawa air base (which houses a base of the Echelon network);

– in 2007 an employee of Dai Nippon Printing stole data from 43 of the company’s commercial clients;

– in 2007 it was revealed in the press that details of police investigations in the Aichi prefecture had been stolen two years earlier from the computer of a police officer;

– the same kind of incident occurred in 2007 with the Tokyo police, with the theft from a police officer’s computer of the names and addresses of members of the yakuza organization Yamaguchi-gumi, and the identifying data of 12,000 people involved in criminal enquiries⁸.

During 2010, cyber-attacks were directed at Sony, resulting in the theft of the personal data of 77 million PlayStation Network users and 25 million users of its PC Network.

In September 2011, two industrial groups in the defense sector claimed they had been victims of cyber-attacks of (at least officially) unidentified origin:

– Mitsubishi Heavy Industries, which builds the F-15 and F-16 Mirages, the AIM-7 Sparrow air-to-air missile systems, and Patriot antimissile systems. The company is the foremost contractor for the Japanese Ministry of Defense, accounting for one-quarter of its expenses⁹.

– IHI, a producer of engines for fighter planes and containment structures for nuclear reactors.

The Ministry of Defense launched an enquiry, demanding a severe sanction and the cancelation of the contracts with the companies affected, for a breach of security. Mitsubishi had already been the victim of similar incidents in 2003 and 2006, when information relating to hunter aircraft and nuclear power plant reactors were pirated. The Ministry of Defense enquiry showed that 83 of the company’s computers and servers in 11 different locations were infected by 50 different viruses. As per usual, the company began by denying the loss of confidential information¹⁰; then, under pressure from the authorities and from the enquiry, had to admit that sensitive information had probably been accessed – particularly information relating to the development of hunter airplanes, helicopters, nuclear plants and anti-earthquake systems [WIL 11b]¹¹.

Companies linked to defense are major targets, but the victims also include ministries, State agencies, official institutions and politicians. Several attacks against ministries have come to light¹². The websites of the National Personnel Authority, the Cabinet Office and a video broadcasting service were affected [RYA 05]. In early November 2011, the press revealed that the Japanese Parliament (more specifically, the Upper House), had suffered cyber-attacks originating from servers in China [WIL 10] – the same type of attack as had affected the Lower House the week before. Numerous infected e-mails were circulating within that institution. Over the preceding months, lots of Japanese diplomatic posts the world over had been the object of cyber-attacks. According to police, a call was launched in China to attack Japanese sites on the occasion of the 80th anniversary of the Mandchoury incidents in 1931 (the invasion of China by Japan).

Thus, the authors of the attacks may just as well be hacktivists moved by nationalistic ideas, by an anti-Japanese sentiment; hackers searching for saleable information; or State actors (information gathering). Indications and suspicions point to China, without any evidence ever having come to light of the Chinese State’s involvement in these actions. The defense industry is an obvious target. It is impossible to know whether the aggressors are specifically targeting Japan in these actions or whether they are aimed at all the world’s armament industries; whether the objective is to destabilize Japanese-American relations or American interests worldwide by way of their industrial partners. The effects are many-splendored.

In July 2011, attacks against Toshiba compromised the details of 7,500 customers. During the night of July 10–11, 2011, the website of Japan’s National Police Agency was subject to a DDoS (distributed denial of service) attack launched from China [HAY 11].

In November 2011, it was learnt that the Fujitsu Ltd. servers, which were connected to a network of over 200 regional governments in Honshu and Kyushu had been victims of cyber-attacks¹³. Online administrative services were paralyzed, as they became victims of DDoS attacks. Most of the IP addresses used in the attack were Japanese.

In January 2012, Japan’s space agency was attacked¹⁴. Data relating to the international space station was the target¹⁵. The attacks sent data to servers located in China.¹⁶

The cyber-attacks that were publicized in the media have the political or industrial nature of their victims in common, and the often-international scope of those victims’ activities. The implications of the attacks extend beyond Japanese territory. The image of the companies is tarnished and Japan’s reputation for seriousness and quality is damaged. The idea of increased risk is associated with Japan.

While the history of security incidents in Japanese cyberspace is very eventful, paradoxically it was not until December 2010 that the government made it a crime to create and distribute viruses, carrying a prison sentence (three years of prison, and a ¥500,000 fine). The government has put structures in place whose mission is to work towards securing the State’s information systems [ISP 06, ISP 09]. However, only recently has the ‘cyber-defense’ dimension per se become part of the defense policy – even though the SDF have integrated the concepts and tools of ‘information warfare’ and network-centric warfare into their strategies [YAM 05].

6.2.2. Cyberspace in security and defense policies

One of the innovative characteristics of the defense policy of the new party that has been in power since 2009 is the introduction of the specific dimension of cyber-defense. Since 2010, cyberspace as a new problem has been a part of strategic thinking. The new defense policy is formalized in a number of texts:

– Information Security Strategy for Protecting the Nation¹⁷ (published May 11, 2010).

– Japan’s Visions for Future Security and Defense Capabilities in the New Era: Toward a Peace-creating Nation [COU 10]¹⁸, published August 27, 2010 by the New Council on Security and Defense, led by Shigetaka Sato, the CEO of Keihan Electric Railway.

– National Defense Program Guideline for FY 2011 and Beyond – NDPG 2011¹⁹, published December 17, 2010.

– The Mid-Term Defense Program (FY 2011–2015)²⁰, published December 17, 2010, echoes the terms and outlines of the program defined in the National Defense Program Guideline for FY 2011, also validated December 17, 2010.

– Defense of Japan 2010 (Annual White Paper).²¹ Before 2010 (see 2005²², 2006²³, 2007²⁴, 2008²⁵ and 2009²⁶) the successive versions of the White Paper on defense did not deal with cyberspace, cyber-security/cyber-defense and cyberwarfare. It was only in 2010 that the problem was introduced, discussed briefly in the chapter entitled “Trends concerning cyberwarfare capabilities” (Part I, Chapter I, section 3)²⁷. The cybernetic issue appeared as third on the list of priorities, after weapons of mass destruction and terrorism.

– Defense of Japan 2011 (Annual White Paper).²⁸ It is in the 2011 publication that cyberspace is given its full dues. The White Paper opens directly with considerations relating to cyberspace. In the first part, entitled “Security Environment Surrounding Japan”²⁹, section 1 is “Trends Concerning Cyberspace”, in Chapter 1 on “Issues in the International Community”.³⁰ This time, cyberspace is dealt with before the issue of weapons of mass destruction, international terrorism and regional conflicts.

The major axes of Japan’s defense strategy, set out in the White Paper and the Mid-Term Program Defense are threefold:

– developing means of dissuasion (to deter any aggressor from attempting to launch an attack on Japanese territory);

– reinforcing security in the Asia-Pacific region (security dilemma); and

– contributing to international security (by preserving the alliance with the US)³¹.

Cyberspace, its security and its use in a military context must serve these three objectives. Cyberspace is found at each of these three levels. The means for satellite observation, telecommunication networks, the rate of data transmission and the quality of data processing, must lend themselves to Japan’s intelligence, surveillance and reconnaissance capabilities.

The security of the region is endangered by cyber-attacks that disturb Japanese, Korean and Chinese (and other countries’) cyberspace, and by the aggressive nature of China, to which the attacks are often attributed. Securing Japanese cyberspace should contribute to the security of cyberspace as a whole, given that a weak link presents a danger for the other links.

The strategy for security and defense is techno-centered: more investment is set aside for the development of new submarines and for intelligence, surveillance and reconnaissance capabilities (satellites, modes of communication, data processing, etc.). The results of research and technology need to be integrated, and in parallel, it is a question of reducing costs, particularly in terms of personnel.

6.2.2.1. Cyberspace

The Information Security Strategy for Protecting the Nation defines⁴¹ cyberspace as a “Virtual space on the Internet or other computer systems where information is exchanged using ICT [information and communication technologies]”.

Above all, it is the place of new challenges⁴², a global commons⁴³ (the report uses the expression “international public good”⁴⁴, as it does with the sea and outer space) whose use must be assured to be stable (free access).

The NDPG 2011 also raises concerns over the threat to the accessibility of cyberspace: “Moreover, risks concerning sustained access to the seas, outer space and cyberspace have emerged as a new challenge”⁴⁵.

The first part of the 2011 White Paper, entitled Cyberspace and Security recalls the dependence of societies on cyberspace. Information and communication networks now form part of our daily lives, and cyber-attacks that affect infrastructures essential to the functioning of society constitute a serious threat, especially given that they appear to grow more complex and sophisticated every day. For the army, networks are the keystone for the functioning of the L2 operational units that cyber-attacks, as part of an asymmetric strategy, are capable of disturbing and endangering.

6.2.2.2. Cyber-attacks

Cyber-attacks have four characteristics: they are non-lethal; they can inflict serious damage; they can strike at anytime, anywhere; and it is difficult to identify the aggressors⁴⁶.

Japan’s new defense strategy was drawn up in response to the attacks suffered by Japan, but perhaps by its allies above all. The publication of the Information Security Strategy for Protecting the Nation⁴⁷ resulted from the Japanese reaction to the cyber-attacks suffered in 2009 by the US and South Korea, two of its allies. The references here are not to the attacks against Estonia in 2007, nor those carried out during the Russo-Georgian conflict in 2008.

“After the Second National Strategy on Information Security was resolved, a large-scale cyber attack took place in the United States and South Korea in July 2009. Also, numerous incidents of large-scale private information leaks occurred one after another. The large-scale cyber attack in the United States and South Korea particularly alerted Japan – where many aspects of economic activities and social life are increasingly dependent upon Information and Communication Technology (ICT) — to the fact that a threat to information security could be a threat to national security and require effective crisis management.”⁴⁸

Japan is becoming aware that a major cyber-attack (which is a likely occurrence) could constitute a threat to national security, whatever its target – whether Japan or one of its allies. Such attacks could cause physical damage to infrastructures, provoke financial losses, and have psychological repercussions and effects on the virtual environment.

Japan ranks cyber-attacks with threats that compromise its stability, as well as transnational threats, such as climate change, pollution, natural disasters, epidemics, etc. – threats that have come to substitute the risk of inter-State wars, which have become highly unlikely [COU 10].

Two pages are dedicated to the question of cyber-attacks in the 2010 White Paper, highlighting the crucial importance of the security of information systems, both for the civil sector and for defense. A number of examples of cyber-attacks as part of armed conflicts are cited: Israel/Hezbollah (2006), Israel/Hamas (2008) and Russia/Georgia (2008).

The second part of the 2011 White Paper is entitled “Threats in cyberspace”. It recalls some examples of cyber-attacks:

– those launched during the conflict between Israel and Hezbollah in 2006;

– those between Hamas and Israel in 2008;

– those employed in the Russian-Georgian conflict of 2008 (in this instance deeming the cyber-attacks to have had no effect on the functioning of the Georgian army, but merely to have disrupted the government’s communication system).

Also mentioned is the introduction of viruses into American networks in Iraq and Afghanistan in 2008. The authors also cite the attacks attributed to North Korea in 2009 and 2011. Finally, the report mentions the Stuxnet worm, underlining that it was able to infiltrate control systems.

In order to illustrate their points and characterize the threat, the various reports draw examples from the US, South Korea, Israel, Russia and Georgia, but are silent about the incidents suffered by Japan.

6.2.2.3. Cyber-defense

The Information Security Strategy for Protecting the Nation report offers a plan of response to large-scale cyber-attacks, and suggests reinforcing the defenses against cyber-attacks. In particular, this plan proposes:

– Preparing the country to cope with a crisis situation (due to a large-scale cyber-attack).

– Utilizing the tools of public/private cooperation for more efficient information sharing, in accordance with the principles seen in the Second Action Plan on Information Security Measures for Critical Infrastructures.

– Reinforcing international alliances (with the US, Association of Southeast Asian Nations ASEAN and the European Union).

– Fighting cybercrime⁴⁹.

– Consolidating the government’s network infrastructure (in particular, developing the use of encryption).

– Reinforcing the protection of critical infrastructures.

The Defense of Japan 2010 report organizes response to and protection against cyber-attacks around six pillars:

– increasing the safety of information and communication systems;

– upgrading of cyber defense systems;

– development of rules;

– human resource development;

– enhancement of information sharing; and

– research of cutting-edge technology.

In the formulation of this imperative of securitization, we can see the traces of the dilemma that faces all States: how to ensure maximum security – with all the constraints this may involve – while conserving the role that cyberspace must have, i.e. as an instrument of economic and social progress.

“Implementation of policies to strengthen national security and crisis management expertise in cyberspace must maintain integrity with the policy that is enforced under the principles of the Basic Act on the Formation of an Advanced Information and Telecommunications Network Society, which stipulates promoting the usage of ICT as the foundation of socioeconomic activities.”⁵⁰

In order to ensure stable use of cyberspace, Japan will need to reinforce its capabilities for dealing with cyber-attacks (NDPG 2011). The ways of responding to cyber-attacks⁵¹ are specified in these terms:

“The SDF will respond to cyber attacks by operating functions necessary for defending the information system of the SDF in an integrated manner. By accumulating advanced expertise and skills needed to tackle cyber attacks, the SDF will contribute to the government-wide response to cyber attacks.”

The third part of the 2011 White Paper, Efforts against Cyber Attacks, discusses initiatives that must be taken in terms of security and defense at the governmental, ministerial level. The report proposes federation, and grouping of services thus far dispersed throughout the various levels of the administration and State services.

‘Centralization’ is one of the keywords of this approach. The State does not seem able to get away from the logic of centralization of resources, which may appear to be out of phase with the principles that constitute the strength of the hackers and aggressors, who essentially rely on decentralization, the lack of a center or coordination. Japan envisages a vertical model for the governance of its security and defense, where non-State attackers expect horizontal models. It must be underlined, however, that this is not peculiar to the State of Japan. All States follow vertical schemes, where the national authority – the seat of political power – exerts a centrifugal force which, it seems, should provide a response to all problems.

Strengthening this security is also a question of the extension of the powers of the intelligence agencies that fight cyber-attacks. The difficulty of this extension lies in the limits imposed upon the actors to whom these powers will be available (the dangers being those incurred by the citizens themselves).

‘Cooperation’ is another of the keywords in this battle plan: cooperation between the public and private sectors, civilians and the military, on a national but also on an international scale⁵². This leitmotiv is reminiscent of the adage ‘strength in unity’. More than being a choice, cooperation is an absolute necessity because the battle must be fought on an international scale and because in pooling of capacities and resources there is a not-insignificant economic dimension. Cooperation often entails economy of scale and seems to justify the reduction of means. The flip-side of cooperation may be a relative loss of autonomy, with an encroachment on national sovereignty.

According to the NDPG 2011, the reinforcement of security in cyberspace will be achieved through cooperation on a regional and global scale. The problem is ranked on the same level as policies with regards to securitizing space, the oceans, or climate change. As with many international, global questions, which cannot be dealt with and resolved in an isolated manner:

“Japan will strengthen various regular cooperation, such as joint training and joint/shared usage of facilities, and promote regional and global cooperation through international peace cooperation activities, maintenance and enhancement of international public goods such as outer space, cyberspace and sea lanes, as well as in the field of climate change.”

Thus, cyber-security and cyber-defense are domains that enable a State to better its integration into the international community. Through this necessary collaboration, States make choices: Japan has opted explicitly to reinforce its relations with the European Union, the countries in Europe, and the NATO Member States⁵³.

Standardization could be one of the main axes of this policy. The 2011 White Paper underlines the absence of an international legal norm allowing cyber-attacks to be classed as acts of war and regulating military responses to be made to such acts.

In its reflections on the offensive and defensive use of cyberspace, Japan looks abroad for its examples, with a very particular emphasis on American thinking: the Cyberspace Policy Review in May 2009 (which suggests the creation of a cyber-security coordinator at the White House) and the International Strategy for Cyberspace published in May 2011 (which aims at establishing norms of behavior in cyberspace, based particularly on international cooperation, but particularly underlines the US’ desire to respond in ways including military to cyber-attacks that constitute acts of war on the nation), are the two American policy documents that particularly catch Japan’s attention. For questions relating to defense, the White Paper refers to America’s Quadrennial Defense Review, published in 2010. It also cites a document published by William J. Lynn in August 2010 that offers a framework for a cyber-defensive strategy by laying the foundations of the rules of engagement.

The Defense of Japan 2010 report has already enumerated various national initiatives in terms of cyber-defense: the creation of the US CyberCommand, the CCDCOE (in Estonia) and the Cyber Security Operations Centre in Australia. The 2011 edition is far more precise in its analysis of the situation abroad. For the UK, it cites:

– the publication of reports: the Cyber Security Strategy in June 2009 and the National Security Strategy;

– the creation of the Office of Cyber Security, pursuant to the publication of the Cyber Security Strategy in 2009 (by the Cabinet Office). The Office of Cyber Security was in charge of coordinating the government’s cyber-security strategy. This organization was later transformed into the Office of Cyber Security and Information Assurance;

– the creation of the Cyber Security Operations Centre, a subsidiary of GCHQ (Government Communications Headquarters);

– the Strategic Defence and Security Reviews published in October 2010, which opened the way to the creation of the Defence Cyber Operations Group to unify activities relating to cyberspace in the Ministry of Defence.

For Australia, it is interested in:

– the publication of the Cyber Security Strategy (November 2009) and the Defence White Paper (May 2009), which prioritizes the development of military cyber-warfare capabilities;

– the attribution of the coordination of the whole of the government’s cyber-security to the Cyber Security Policy and Coordination body;

– the creation of the Cyber Security Operations Centre in January 2010, in the Defence Department.

For South Korea, it points to:

– the publication of the National Information Protection White Paper, which insists on the necessary centralization of cyber-security questions in a national management structure; and of the 2010 Defense White Paper in December;

– the role of the National Intelligence Service, which coordinates cyber-security policies;

– the role of the Defense Information Warfare Response Center, which protects military networks;

– the creation of Cyberspace Command, in January 2010, a subsidiary of the Defense Intelligence Agency, which implements cyber-warfare capacities.

China⁵⁴ is developing offensive capabilities in space (destruction of satellites, for example), and capabilities for cyber-warfare.

With regard to NATO, the report highlights the publication of the New Strategic Concept in November 2010; the creation of the Emerging Security Challenges Division in August 2010; the Cyber Defense Management Authority and of the CCDCOE in 2008.

This official literature and these strategic decisions constitute the reference corpus for Japanese strategic and political thinking in terms of defense. This strategy, therefore, is largely inspired by English-speaking foreign countries.

Responses to cyber-attacks are now clearly written into the missions of the armed forces⁵⁵. The responses to cyber-attacks are dealt with more particularly in Chapter I, “Operations of Japan’s Self Defense Forces”⁵⁶ of Part III: these responses are organized around the Ministry of Defense and the SDF. Those responses which have to be integrated necessitate the deployment of adapted means. In March 2011, the post of Deputy Head, C4 Systems Planning Division (cyber) was created within the Ministry of Defense, with the mission of reflecting on strategies for response. A dedicated cyber-defense unit was also created. Training and research programs in the domain also have to be developed in the National Defense Academy of Japan.

The Mid-Term Defense Program 2011 integrates the reinforcement of the security of the SDF’s networks into the defense budget, increasing research efforts and security exercises⁵⁷ (particularly with the American ally); training will play an important part in developing the capacities of the army. This effort is part of the structural reform under way within the Japanese army, and proposes, among other things, to recruit some younger personnel⁵⁸.

6.2.2.4. Cyber-warfare

One of the chapters of the 2010 White Paper is entitled “Trends Concerning Cyber Warfare Capabilities”⁵⁹: cyber-warfare covers military operations carried out in cyberspace. Thus, cyber-warfare stems from the policies and strategies of defense. Without going into what measures Japan has taken in the past or will take in the future, the report lists the initiatives taken in the matter (strategies, creation of dedicated units in the armed forces) by a number of countries (the US, NATO countries, Australia⁶⁰ and South Korea⁶¹). In view of the army’s dependency on information and communication systems, cyber-attacks are qualified as an ‘asymmetrical strategy’⁶² that allows the enemy’s weak points to be exploited and their strong points to be weakened. In fact, the armed forces may be subject to attack both in wartime and in peacetime.

The 2011 White Paper discusses cyber-warfare, but without dedicating an entire chapter to it, as was done the previous year. It is interested in the priority given to cyber-warfare in the defense policies of the US, Korea, Australia and even China. It highlights the advantage of this for the issue, owing to the importance of information and information space⁶³. Japan’s international environment makes cyber-warfare one of the priorities of its defense strategies.

6.2.2.5. Mobility, reactivity, rapidity, technology, intelligence, surveillance and reconnaissance capabilities

The National Defense Program Guideline for FY 2011 and Beyond⁶⁴ is the expression of the new defense policy of Naoto Kan’s government. Its approach lies in prolonging the policies pursued by its predecessors [NIS 11] in the Liberal Democratic Party governments. However, on some points, the strategy is a new departure: particularly in:

– designating China as a source of major concern;

– reallocating resources to the naval forces to the detriment of land forces (in view of the pressure exerted by China in the maritime domain); and

– finally proposing the new concept of ‘dynamic defense’, which consists of deploying forces to priority areas of Japan and readying them for asymmetrical missions.

The reason for this is the absence of a precise definition of the threats, so the forces have to be ready to deal with any situation. The report introduces the notions of ‘dynamic defense capabilities’ and ‘dynamic defense force’, which replace the concept of ‘basic defense force’. The security challenges have evolved – more dynamic, flexible forces are needed because reaction times are shorter, particularly because of progress in military technologies.

One of the major concerns relates to improving the capacity to see, to know and to react, ever faster. Speed (of detection, reaction or action) is one of the key factors in the strategy of defense of the territory. It is of the essence, in view of the geographic proximity of the threats: China and North Korea are not far at all from Japanese territory. This rapidity in detection and reaction relies essentially on technology: intelligence, surveillance and reconnaissance capabilities (observation satellites, systems for detection, transmission and interception of communications), information processing systems and the decision-making process have to be optimized. Communication capabilities must be kept optimal at every level of the L2s.

Significant alterations in Japanese cyberspace would endanger this entire edifice of security/defense. The securitization of cyberspace thus lies in the process of reinforcing capabilities of intelligence, satellite observation and threat detection⁶⁵, which are the foundations of the new policy for defense of the territory. Maintaining control over the flow of information is vital for the country’s security. Hence, the redefinition of priorities naturally led to the introduction of cyberspace into the implementation of a techno-centric security and defense policy.

Table 6.3. Ministry of Defense provisional budget for 2012. Funds allocated to cyber-defense with the objective of enhancing the capability for effective response to cyber attacks by strengthening the cyber-defense system

Priority	Provisional budget 2012
Strengthen cyber planning functions of the Joint Staff Office to respond to increasing threat of cyber attacks	-
Strengthen training support functions of the SDFC4 (Command, Control, Communication and Computers) Systems Command in order to improve capability concerning the cyber protection of each SDF group	-
Strengthen the function of the Defense Intelligence Headquarters, which exclusively collects and analyzes information concerning overseas cases of cyber attacks over the long term	-
Human resource development initiatives to defend against cyber attacks Dispatch personnel to study at Japanese and overseas graduate schools, such as Carnegie66	-

Table 6.3. (Continued) Ministry of Defense provisional budget for 2012. Funds allocated to cyber-defense with the objective of enhancing the capability for effective response to cyber attacks by strengthening the cyber-defense system⁶⁸

Enhancement of partnership with the US Participate in Japan-US IT Forum	-
Strengthening of security and analysis devices (device equipped with information collection, analysis and response exercise functions concerning cyber-attacks) for cyber-defense67	0.2 billion (Yen)
Research aimed at cyber-attack response. Research and study on the latest technological developments concerning information assurance	20 million (Yen)
Improvement of information sharing capability of vessels and improvement of satellite communication capability	0.9 billion (Yen)
Space programs, enhancement of C4ISR capability, satellite communication, imagery	260.9 billion (Yen)

6.3. Conclusion

Japan is defining a defense strategy that integrates cyberspace and is aimed at defending the national territory. However, this policy cannot be a strictly national one: in the sense that cyberspace extends massively beyond Japan’s borders, being the point of entry for unconventional kinds of attacks, international cooperation becomes an absolute necessity, especially with its American ally. In this effort to define a defense policy that takes account of the cybernetic dimension, the government is looking abroad to a great extent: it is drawing inspiration from the practices of its allies (US, Australia, Europe and NATO), and grounding its action in the context of international cooperation. The defense model that Japan is in the process of drawing up is based on the thinking and approach of the American system.

It must be underlined that in the various official reports, there is silence from Japan about the incidents relating to the security of its own networks. However, there are plenty of examples that are certainly no less serious than the attacks suffered by the US and South Korea in 2009. Could it be that this attitude reflects a certain reticence on the part of the Japanese government to recognize its own weaknesses?

The reports prove relatively vague as regards the nature of the aggressors likely to strike Japan. The discourse appears to take place at the level of conflict between States, State actors, and conventional armies who are arming themselves with cyberwarfare capacities in order to skirmish in cyberspace just as they do in the real world. However, this approach seems to ignore the multiplicity of forms of the threat:

– from ordinary crime, but whose accomplishments are capable of upsetting the economy and the normal function of networks and access to cyberspace;

– to hacktivists, non-State actors whose aggressive capabilities are significant (is the anonymous strikeforce negligible in terms of defense?); and

– through organized crime.

This variety of non-state threats is not taken into account in the defense policy. Is Japan’s response in terms of cyber-security and the use of cyberspace in defense really apt for the reality of the world? Defense is still thought of in a conventional manner in terms of conflicts with other States. The threat comes also from non-State actors – it is horizontal (attacks carried out over networks and organized spontaneously). Japan’s policy sets a centralized defense against it, although it is supposed to be dynamic, evolving, adaptive and flexible; a vertical model, made up of institutions, national and international norms, and a State machine that is cumbersome and therefore slow to mobilize. (It is a question of training, raising awareness, educating… and thus a process that will take time.)

Japan has realized that a great many States are developing offensive capacities in cyberspace ⁶⁹, and that ideas, examples and models can be drawn from this. However, this also means that Japan is surrounded by nations ready to pounce on it in cyberspace. Thus, there is also a new sort of armament race that has begun. If Japan is involved too, it means that its defense policy is guided by international considerations, that it too must arm itself to ensure the defense of its sovereignty on the global scene. The defense policy including cyberspace thus lends itself to a realistic analysis.

While in the real world the cards are dealt according to the superpowers (US and China), politics in cyberspace puts these cards back on the table. The American hegemony is not as strong; the US cannot guarantee the accessibility of cyberspace, security and peace in the way it does in the real world; the US is no longer able to hold the keys to the “global commons” on its own, and to ensure its free usage in the rest of the world. Cyberspace is part of these global commons. The decline of the hegemonic power results in a more unstable environment, or at any rate a more threatening one, where actors are demanding new powers and can stand up against the will of the superpower, e.g. by obstructing the development of military forces in the oceans, destroying satellites or launching cyber-attacks. For Japan, the deterioration of access to the “global commons” is a danger [COU 10]⁷⁰. Japan is watching the military development of China, one of the actors capable of threatening that accessibility, with concern.

Faced with these threats, Japan is edifying itself with defensive measures. However, the strengthening of its capabilities, which are officially only ever to be used for defensive means, is aggravating the security dilemma. It is because other countries are improving their capabilities that Japan feels the need to do likewise. No longer can the government ignore the resolutely militaristic stance of numerous countries in terms of cyber-attacks; therefore it not only has to equip itself with means of protection, but also of counter-attack [COU 10]⁷¹. This is particularly important in terms of preventing cyber-attacks that could be launched in combination with conventional military assaults (e.g. attacks carried out by special operative forces, directed at critical infrastructures and accompanied or preceded by cyber-attacks).

Japan must learn to anticipate and manage cyber-attacks intended to cause it profound damage, but also attacks that could be provocations, such as the operations carried out by China or North Korea on other territories. The Chinese military, for example, came dangerously close to the Japanese coasts in 2004 when a Chinese submarine entered Japanese waters. In August 1998, North Korea carried out missile launch tests over the island of Honshu. The recent cyber-attacks, attributed – rightly or wrongly – to China and North Korea pose a new challenge for Japan. Could rigorously respecting the Constitution prevent the mounting of a cyber-defense that would inflict blows on foreign territory remotely, without the deployment of defensive forces?

Japan has to maintain its pacifistic stance, and not show the slightest militaristic intention [YIN 08, SZE 06]. In its process of militarizing cyberspace it cannot give too many signals that could be interpreted badly, but must, nonetheless, arm itself in order to defend itself. Japan has to be able to defend itself on its own if attacked, but it cannot do so by way of any sort of armament.

According to an article published in the newspaper Yomiuri Shimbun in 2012, the Defense Ministry’s Technical Research and Development Institute, responsible for the development of weaponry, awarded a subcontract to Fujitsu Ltd to create a technological solution (a weapon) capable of neutralizing cyber-attacks, tracing their paths and identifying their sources. Results are being tested, following a project carried out over three years and having cost more than $2 million. The main problem that the existence of this tool throws up is legalistic in nature: does Japan have the right to use such a solution? If so, when, how and under what circumstances? Indeed, the process is likely to damage machines and networks situated outside its territory. For the moment, cyber-attacks merely form part of the threats that authorize Japan to exercise its right to self-defense. If such ‘weapons’ could not be used to pursue the trail of the attacks beyond the national territory, they would no longer hold any interest. Thus, it is the very definition of a ‘weapon’ that has to be reconsidered.

The same questions are being raised as in 2000 when Japan was (already) exploring the idea of developing viruses and hacking technologies to test its own defenses [YOM 00]: it had already been concluded that to possess such weapons would contravene the principles of the Constitution, which forbids Japan from having strategic weapons [YIN 08]. While Japan had to renounce war as a sovereign right, the Constitution of 1947 (particularly Article IX thereof) raises no objection to Japan’s right to defend itself against any foreign invasion. This right to legitimate defense vindicates the implementation of sufficient capacities. Cyberspace poses singular challenges to Japan.

The neo-realists believe that States are encouraged by the pressure of international anarchy to develop offensive weapons in anticipation of the worst-case scenario. Cyber-defense involves adopting a defensive stance: the issue of offensive weapons in this area does not yet exist in Japan. However, the other components are present: international anarchy – or at least anarchy in the international system that is cyberspace – with the entrance onto the scene of actors who do not represent a State, and cannot be controlled, identified or located. Japan’s efforts, like those of many other nations, to pin the blame for the attacks on somebody are not only intended to enable reprisals to be carried out or that party to be pursued. They are also intended to reassure, and give the impression that some degree of control is finally being gained over the problem, and that all is not as elusive as it seems in cyberspace. In terms of the worst-case scenario, it is the same as the strategies of all modern and industrialized states who fear major cyber-attacks with devastating effects. It is to defend itself against attacks on critical infrastructures (which would indeed be the worst-case scenario) that Japan is intensifying its efforts in terms of cyber-defense. However, it may also be due to influence or to international pressure: this pressure not only gives rise to attacks but also encourages States to secure their systems, for a cyberspace that is common, in which the weaknesses of one become those of the others – an international system in which numerous States equip themselves with civil and military cyber-units for security and defense. If it is not to be left behind in the comity of nations, Japan cannot remain silent and inactive on the subject.

6.4. Bibliography

[AIZ 98] AIZU I., Internet in Japan in Asian Context, ANR, November 1998, available at: http://www.anr.org/web/html/archive/old/html/output/98/PAN98_e.htm.

[AIZ 10] AIZU I., Tokyo Workshop for a Future Internet, report from the conference Keoi University, Tokyo, Japan, May 2010, available at http://www.internetfutures.eu/wp-content/uploads/2010/04/tokyo-workshop-report.pdf

[ATA 10] ATANASSOVA-CORNELIS E., The US-Japan Alliance and the Rise of China: Implications for the East Asian Security Order and the EU’s Regional Role, K.U. Leuven, Belgium, May 2010.

[BER 98] BERGER T., Cultures of Antimilitarism, Baltimore, MD, John Hopkins University Press, 1998.

[CHE 11] CHEN C.S., Japanese Strategy and Response to the Rise of China, Fu Hsing Kang College, Taiwan, March 2011.

[COU 10] THE COUNCIL ON SECURITY AND DEFENSE CAPABILITIES IN THE NEW ERA, Japan’s Visions for Future Security and Defense capabilities in the new era: toward a peace-creating nation, CSDCNE, Tokyo, Japan, August 2010, available at: http://www.kantei.go.jp/jp/singi/shin-ampobouei2010/houkokusyo_e.pdf.

[DES 98] DESCH M., “Culture clash: Assessing the Importance of Ideas in Security Study”, International Security, vol. 23, no. 1, pp. 141–170, MIT Press, 1998.

[GIB 84] GIBSON W., Neuromancer, Ace Books, New York, 1984.

[GRE 01] GREEN M.J. Japan’s Reluctant Realism: Foreign Policy Challenges in an Era of Uncertain Power, Palgrave Macmillan, 2001.

[GRE 11] GREEN H.S., Strategies vs Norms: An Assessment of Theories to Explain Japan’s Security Policy, TOYO, Japan, March 2011, available at: http://www.toyo.ac.jp/law/pblsh/toyo/pdf54-3/0216.pdf.

[HAY 11] HAYS J., Internet in Japan: Blogs, Rakuten, Broadband, Viruses, Facebook, Mixi and Gree, Facts and Details, October 2011, available at: http://factsanddetails.com/japan.php?itemid=724&catid=20&subcatid=133.

[HUG 04] HUGHES C.W., Japan’s Re-emergence as a ‘Normal’ Military Power, Oxford University Press, Oxford, 2004.

[HUG 09] HUGHES C.W., “Japan’s military modernisation: A quiet Japan-China arms race and global power projection”, Asia-Pacific Review, vol.16, no. 1, pp. 84–89, 2009.

[ISP 06] INFORMATION SECURITY POLICY COUNCIL, The First National Strategy on Information Security, Toward the Realization of a Trustworthy Society, ISPC, Tokyo, Japan, February 2, 2006.

[ISP 09] INFORMATION SECURITY POLICY COUNCIL, Secure Japan 2009, ISPC, Tokyo, Japan, June 22, 2009, available at: http://www.nisc.go.jp/eng/pdf/sj2009_eng.pdf.

[KAT 96] KATZENSTEIN P., Cultural Norms and National Security, Cornell University Press, Ithaca, NY, USA, 1996.

[KAW 01] KAWASAKI T., “Postclassical realism and Japanese security policy”, The Pacific Review, vol. 14, no. 2, pp.221–240, 2001.

[LIN 03] LIND J., Continuity and change in Japanese Security Policy: Testing Theories of International Relations, Department of Political Science, MIT, USA, November 12, 2003, available at: http://web.mit.edu/ssp/seminars/wed_archives03fall/lind.htm.

[NIS 11] NISHIHARA M., Japan’s Defense Policy and the Asia-Pacific Region, Japan, March 30, 2011, available at: http://www.ca.emb-japan.go.jp/2011_shared_images/Cultural%20Events/nishihara_lecture_text.pdf.

[PYL 07] PYLE K.B., Japan Rising: The Resurgence of Japanese Power and Purpose, Public Affairs Books, New York, 2007.

[RYA 11] RYALL J., “Japan targeted by cyber attacks ‘from China’”, Telegraph, September 20 2011, available at: http://www.telegraph.co.uk/news/worldnews/asia/japan/8775635/Japan-targeted-by-cyber-attacks-from-China.html.

[SZE 06] SZECHENYI N, “A turning point for Japan’s Self-Defense Forces”, The Washington Quarterly, vol. 29, no. 4, pp.139–150, 2006.

[WAN 08] WANG K., “Japan’s defense policy, strengthening conventional offensive capability”, Journal of East Asian Affairs, vol.8, no. 1, pp. 87–89, 2008.

[WIL 11a] WILSON D., “Japanese Parliament is under cyber attack”, The Inquirer, November 2, 2011, available at: http://www.theinquirer.net/inquirer/news/2121964/japanese-parliament-cyber-attack.

[WIL 11b] WILSON D., “Warplane and nuclear plant data were at risk in Mitsubishi Heavy Attack”, The Inquirer, October 15, 2011, available at: http://www.theinquirer.net/inquirer/news/2119850/warplane-nuclear-plant-stolen-mitsubishi-heavy-attack.

[YAM 05] YAMAKURA Y., Network Centric Warfare: its Implications for Japan’s Self-Defense Force, Japan Air Self Defense Force, Japan, August 18, 2005.

[YIN 08] YIN J., TAYLOR P.M., “Information operations from an Asian perspective: A comparative analysis, Journal of Information Warfare, vol. 7, no. 1, pp. 1–23, 2008.

[YOM 00] YOMIURI SHINBUN., Defense Agency Considers Developing Cyber Weapons, article of October 23, 2000.

 

 

1 Chapter written by Daniel VENTRE.

1 FY: Fiscal Year.

2 Prime Minister of Japan and his Cabinet, National Defense Program Guideline for FY 2005 and Beyond, 2004, http://www.kantei.go.jp/foreign/policy/2004/1210taikou_e.html.

3 Ministry of Defense, Defence of Japan (Annual White Paper), Tokyo, Japan, 2009, http://www.mod.gov.jp/e/publ/w_paper/2009.html.

4 http://www.domaintools.com/internet-statistics/country-ip-counts.html.

5 Statistics accessed February 11, 2012 on http://w3techs.com/technologies/overview/top_level_domain/all.

6 http://www.itu.int/ITU-D/ict/statistics/material/excel/2010/MobileCellularSubscriptions_00-10.xls. Data collected February 11, 2012.

7 http://www.techdigest.tv/2010/07/secureworks_wor.html.

8 http://www.theregister.co.uk/2007/07/20/japan_p2p_leak_cop_fired/.

9 The budget of contracts given to Mitsubishi Heavy Industries is equivalent to $3.4 billion, according to the figures published in Mitsubishi Heavy Industries Hacked: Japan Defense Industry’s First Cyberattack, September 19, 2011: http://www.huffingtonpost.com/2011/09/19mitsubishi-heavy-industries-hack_n_969427.html.

10 Cyberattaque contre deux groupes de défense japonais (Cyberattack against two Japanese defense groups), Reuters, 20 September 2011: http://fr.news.yahoo.com/cyber-attaque-contre-deux-groupes-d%C3%A9fense-japonais-063833967.html.

11 The Ministry of Defense obliges its contractors to inform it promptly of any incidents they suffer (thefts, losses of sensitive data, and so on). However, it seems the Ministry learnt of the incident through the press, and not directly from its contractor. “Japan Cyber attack silence may breach arms contract”, India Times, September 20, 2011: http://economictimes.indiatimes.com/news/international-business/japan-cyber-attack-silence-may-breach-arms-contracts/articleshow/10051787.cms.

12 “Japan Gov’t websites hit by cyberattacks”, Inquirer Technology, September 19, 2011, http://technology.inquirer.net/4327/japan-gov%E2%80%99t-websites-hit-by-cyberattacks%E2%80%94report/. Accessed February 23, 2012.

13 A two-wave attack, November 9, 2011.

14 http://www.ukfastnews.co.uk/internet-news/japanese-space-programme-hit-by-trojan.html.

15 http://www.infosecurity-magazine.com/view/23278/lost-in-space-japan-admits-to-breach-of-space-station-resupply-craft-data/.

16 http://www.physorg.com/news/2011-10-china-based-servers-japan-cyber.html.

17 http://www.nisc.go.jp/eng/pdf/New_Strategy_English.pdf.

18 http://www.kantei.go.jp/jp/singi/shin-ampobouei2010/houkokusyo_e.pdf.

19 http://www.mofa.go.jp/policy/security/pdfs/h23_ndpg_en.pdf.

20 http://www.mod.go.jp/e/d_act/d_policy/pdf/mid_termFY2011-15.pdf.

21 http://www.mod.go.jp/e/publ/w_paper/2010.html.

22 http://www.mod.go.jp/e/publ/w_paper/2005.html.

23 http://www.mod.go.jp/e/publ/w_paper/2006.html.

24 http://www.mod.go.jp/e/publ/w_paper/2007.html.

25 http://www.mod.go.jp/e/publ/w_paper/2008.html.

26 http://www.mod.go.jp/e/publ/w_paper/2009.html.

27 http://www.mod.go.jp/e/publ/w_paper/pdf/2010/07Part1_Chapter1_Sec3.pdf.

28 http://www.mod.go.jp/e/publ/w_paper/2011.html.

29 http://www.mod.go.jp/e/publ/w_paper/pdf/2010/07Part1_Chapter1_Sec3.pdf.

30 http://www.mod.go.jp/e/publ/w_paper/pdf/2011/04_Part1_Chapter1.pdf

31 “The Japan-U.S. Alliance remains vital for the peace and security of Japan, and the presence of the U.S. armed forces in Japan is essential to maintaining peace and stability of the region. Japan will enhance bilateral consultations and other cooperation to deepen and develop the Alliance to adapt to the evolving security environment, while actively taking measures for the smooth and effective stationing of the United States armed forces in Japan”. Mid-Term Defense Program, 2011, pp. 2.

32 http://www.mod.go.jp/trdi/en/misc/publication/mlterm/body.pdf.

33 http://techland.time.com/2011/09/20/hackers-target-japanese-weapons-maker-nuclear-power-plants/.

34 http://www.japantimes.co.jp/text/nn20111027a1.html.

35 http://www.yomiuri.co.jp/dy/national/T120102002799.htm.

36 ISSPN: Information Security Strategy for Protecting the Nation.

37 JVSF: Japan’s Vision for Future Security and Defense Capabilities in the New Era.

38 DoJ: Defense of Japan.

39 NDPG: National Defense Programme Guideline.

40 MTDP: Mid-Term Defense Program.

41 Page 20 of the report.

42 NDPG 2011, pp. 3.

43 Expression used in Defense of Japan 2011, pp. 18.

44 NDPG 2011, pp. 5.

45 http://www.mofa.go.jp/policy/security/pdfs/h23_ndpg_en.pdf, pp. 3.

46 Defense of Japan 2011.

47 http://www.nisc.go.jp/eng/pdf/New_Strategy_English.pdf.

48 Information Security Strategy for Protecting the Nation, 2010, pp. 1.

49 Cybercrimes are defined as “Crimes that utilize ICT, such as those using advanced information and communication networks (e.g. the Internet) and those targeting electromagnetic records”. Page 20 of the report.

50 Information Security Strategy for Protecting the Nation, 2010, pp. 5.

51 http://www.mofa.go.jp/policy/security/pdfs/h23_ndpg_en.pdf, pp. 11.

52 http://www.mod.go.jp/e/publ/w_paper/pdf/2011/07_Part2_Chapter2.pdf Part II, The Basics of Japan’s Defense Policy and Build-up of Defense Capability, section 2, Chapter 1, the New Security Environment.

53 http://www.mofa.go.jp/policy/security/pdfs/h23_ndpg_en.pdf, pp. 9.

54 “Military use of space and cyberwarfare capabilities”, pp. 32 of the document: http://www.mod.go.jp/e/publ/w_paper/pdf/2011/05_Part1_Chapter2.pdf.

55 Chapter 3 “Towards a new system of defense”, of Part II: http://www.mod.go.jp/e/publ/w_paper/pdf/2011/08_Part2_Chapter3.pdf.

56 http://www.mod.go.jp/e/publ/w_paper/pdf/2011/09_Part3_Chapter1.pdf.

57 Cyber-Defense Exercises – CDX.

58 Mid-Term Defense Program 2011, pp. 2, and [COU 10], pp. 43. This evolution in capacities must be accompanied by an overhaul in human resources (it is a question of recruiting younger personnel). The management of cyber-attack situations is associated with that of armed attacks and crises (such as natural disasters). In this respect, the role of those in power must also be taken into account. The 2010 report highlights the inaptness of the organization at State level to deal with such situations efficiently: the Prime Minister and his/her government should take part in exercises to prepare for the transition from a state of peace to a state of emergency. The fact that this is said implies that they do not. In addition, Japan has no equivalent to the American National Security Council. Hence, it is more vulnerable than other countries, not having capacities for defining national security strategies – which, naturally, would include cyber-security.

59 http://www.mod.go.jp/e/publ/w_paper/pdf/2010/07Part1_Chapter1_Sec3.pdf, pp. 15.

60 In its 2009 Defence White Paper, Australia makes a priority of the development of military cyberwarfare capabilities. This point is mentioned in the Defense of Japan 2011 report, pp. 26.

61 Defense of Japan, pp. 27.

62 Page 15 of the 2010 White Paper.

63 Chapter 2: Policies for State Defense, Section 3 “Military use of space and cyberwarfare capabilities”, p. 32 http://www.mod.go.jp/e/publ/w_paper/pdf/2011/05_Part1_Chapter2.pdf.

64 http://www.mofa.go.jp/policy/security/pdfs/h23_ndpg_en.pdf.

65 “Japan will promote its efforts to develop and use outer space, from the perspective of, strengthening information gathering and communications functions”: http://www.mofa.go.jp/policy/security/pdfs/h23_ndpg_en.pdf, page 3

66 A photo of Carnegie Mellon University – Software Engineering Institute illustrates this line of the program. http://www.mod.go.jp/e/d_budget/pdf/231220.pdf, Page 7

67 Funds seemingly have to be shared between four departments: Information Collection Department, Dynamic Analysis Department, Static Analysis Department, and Response Exercise Department.

68 Source: Defense Programs and Budget of Japan. Overview of FY 2012 Budget Request. http://www.mod.go.jp/e/d_budget/pdf/231220.pdf.

69 Defense of Japan 2011, p. 22

70 Ibid pp. 6.

71 The Council on Security and Defense Capabilities in the New Era, Japan’s vision for future security and defense capabilities in the new era: towards a peace creating nation, CSDCNE, Tokyo, Japan, available at http://www.kantei.go.jp/jp/singi/shin-ampobouei2010/houkokusyo_e.pdf