Island nation grapples with how to fight off internationally bullies without becoming one

As warfare and civil unrest spread into the digital realm, high-profile international events increasingly become avenues where activists or government-employed hackers look to send an international message.
I. War Games Test Tokyo's Readiness for Upcoming Olympic Games
Tokyo, Japan's capital and largest metropolis, is scheduled to host the 2020 Summer Olympic Games.  It will become only the fourth city to have hosted the Olympics twice, having already played host to the 1964 Summer Olympics.  The games are a boon to any nation, bringing a surge in tourism and publicity.  But they also represent a growing national security risk in the digital space.
Japan is taking that risk seriously and this week conducted its first digital war games exercise -- a simulated attack meant to test the nation's networks and response should major attacks occur during the upcoming games, as many anticipate.

Tokyo officials
Tokyo is playing host to the 2020 Summer Olympic games, the second time it's hosted the event. [Image Source: Reuters]

In a land that remains on the leading edge of many technological and gadget trends, it would seem like cyberdefenses would be very stout.  Surprisingly, they are in a relatively poor state at present.
While private sector defenses have strengthened somewhat out of necessity, particularly following the beating that domestic giant Sony Corp. (TYO:6758took at the hands of Anonymous's "hacktivists" in 2011, government defenses remain weak at best.
"It's not that we haven't put effort into cybersecurity, but we are certainly behind the U.S.," Japan's IT Policy Minister, Ichita Yamamoto, commented in a recent interview with Reuters.
Last week, four agencies -- including Japan's Ministries of IT Policy, Industry (METI), and Defense (MOD) -- worked with the nation's National Police Agency to stage the war games exercise.  Over 50 experts at a Tokyo-area cyberdefense center and nearly 200 experts working remotely participated in the simulated attack, the largest exercise of its kind in Japan to date.

War games
Japanese officials hope that the war games exercises and increased planning sessions will strengthen the nation's lacking cybersecurity. [Image Source: Getty Images]

The exercise simulated a large-scale attack on all 21 agencies in the Japanese government, plus 10 key industry sectors, including the tech industry.  The head of Japan's cybersecurity efforts, Chief Cabinet Secretary Yoshihide Suga suggested the exercise was a good start, stating, "Cyber attacks are becoming more subtle, sophisticated and international, and strengthening Japan's response to them has become a critical issue."
The exercise was in part inspired by a similar exercise conducted by the UK government, which was relatively successful in helping to shore up its own struggling cybersecurity efforts prior to the 2012 Summer Olympic Games in London.  The UK subsequently enjoyed a relatively peaceful Olympics without suffering any major damage from cyberattackers.
Along with Japan's war games simulation, a crucial meeting was held in Tokyo this month that for the first time brought together the heads of various national ministries involved with cyberdefense, plus the police agency.  The attendees planned to meet regularly to come up with a comprehensive and coordinated plan and set of recommendations for the prime minister and parliament.  In doing so they hope to address security concerns including risks related to the upcoming Olympic Games and risks associated with espionage from the U.S. and Chinese national governments.
II. Japanese Cybersecurity Grapples With How to Fight Off Bullies Without Becoming One
Japan's cybersecurity currently resembles that of the U.S. a decade or so ago.  Responsibilities are spread over a host of different agencies, and bureaucratic inefficiencies and lack of real world understanding of cybersecurity threats have made Japan a "cyberweakling" as the U.S. once was, from a government cyberdefense standpoint.
The U.S. government was able to dramatically close the gaps in its defenses over the last decade.  While a handful of public websites are occasionally taken down or defaced by groups like Anonymous, critical government networks in the U.S. are today well protected by the concerted efforts of the U.S. military's U.S. Cyber Command, the U.S. Federal Bureau of Investigation, the U.S. Department of Homeland Security, the Secret Service, and other related agencies.

US Cybercommand
Today U.S. agencies like the military's U.S. Cyber Command offer a relatively strong defense against foreign attacks. [Image Source: USAF]

The dramatic rise in sophistication of the American federal government when it comes to cybersecurity illustrates both potential factors for success and the dangers that come with it.
The U.S. improved its defenses, in part, by drastically increasing the amount of taxpayer money spent on cyberoffense and cyberdefense.  It also strengthened its capabilities by wooing black hat hackers that had the real world skills necessary to wage cyberwar effectively.  The U.S. is quick to downplay its own growing sophistication, which has helped temper expectations and reduce embarrassment.
One lesson from the U.S. is that no amount of cybersecurity can prevent every attack on a large national government.  The U.S. and China are engaged in a silent digital war, and it's not unusual for the Chinese to win a round.  But overall, cybersecurity is based on who wins most often and who repairs the damage the fastest when your defenses fail.
The rise of U.S. cybersecurity also illustrates a cautionary tale of how the seemingly noble public goal of cyberdefense can be perverted to create an offensive digital war machine that targets not only enemies, but ally states and the homeland, as well.  The world received a dose of this reality when it discovered the extent of the U.S. National Security Agency (NSA) spying.  The NSA is recording every phone call in some countries, and is eavesdropping on leaders in ally states, as well as engaging in massive -- and at times politically motivated -- spying on its own people.

NSA Loveint
The NSA not only presents a natonal security risk to Japan, it also provides it with a cautionary example of how a defensive effort can be perverted. [Image Source: Fox News]

Japan must expand its capabilities, but as it learns to defend itself, it must tread lightly in order to avoid the kind of self-destructive bully it's trying to ward off.

Indeed, the NSA spying is one more reason why Japan's Olympics related security push is critical to the country's future.  While President Obama has promised Japan and other allies that the data it illicitly extricates from their corporate researchers won't be used for economic espionage, Japan and other ally states can't count on that promise.  But the U.S. is far from the only nation to post an industrial espionage danger to Japan.

Recent technology theft accusations against South Korea, China, and Taiwan have forced Japan to reconsider foreign security software and to look to new ways to protect its companies' secrets.

To that end, Japan's National Institute of Information and Communications (NICT) has set up a honeypot network designed to act as a barometer to study the rates and characteristics of cyberattacks, both those from hacktivists, and those from rival foreign governments.

While many are sympathetic to the causes they stand for, so-called "hacktivists" like Anonymous are a major headache for leaders in the U.S. and Japan.

One key finding from the network is that the rate of attacks on Japan is sharply rising.  In 2012, the network was attacked 7.8 billion times.  Last year that figure increased by more than half, reaching 12.8 billion total attacks.

III. Government Cracks Down on Industrial Espionage

Japan is also looking to stiffen penalties against foreign countries and individuals who steal secrets from Japanese companies.  Prime Minister Shinzo Abe has passed a controversial and very strict new state secrets law, which could allow the government to crack down on foreign and domestic hackers alike.  

Japanese PM Abe
Japanese Prime Minister Shinzo Abe has created controversy by resorting to heavy handed national security policies. [Image Source: Reuters]

But many in Japan are concerned that the law's provisions -- which resemble policies of the nationalist military-controlled government of Japan prior to World War II -- could harm Japanese democracy.  The debate echoes the fears that were voiced by the U.S. public over similar laws, fears that eventually proved founded in the wake of the recent NSA revelations.

State secrets law
A demonstrator holds up a sign protesting Japan's controversial new state secrets law.
[Image Source: Reuters]

But Japan is also resorting to less secretive, less controversial tactics as well to cut down on foreign industrial espionage.

Just lack week Tokyo police arrested Yoshitaka Sugita, 52, who alleged stole secrets from Toshiba Corp. (TYO:6502) by serving a brief stint at the company's Yokkaichi plant in central Japan.  Mr. Yoshitaka allegedly passed technical details he gained during his employment with Toshiba to South Korean chipmaker SK Hynix Inc. (KRX:000660).

Toshiba filed suit against SK Hynix last week over the half decades old breach, which was only uncovered after a lengthy investigation.  Even as Toshiba works to try to recoup financial losses suffered, it's working hand-in-hand with authorities to try Mr. Yoshitaka and to investigate the extent of the theft.  

Toshiba v. SK Hynix
Toshiba has accused SK Hynix of theft of trade secrets. [Image Source: Veooz (left), E&T (right)]

Such efforts not only send a cautionary message to other looks to sell domestic secrets to foreign firms, but also create a cooperative atmosphere between Japanese law enforcement agencies and the corporate sector, a key to discovering or, in some cases, even preventing similar future incidents.

Sources: Reuters, The Japan Times, The Wall Street Journal

“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki