Advances in information and communications technology (ICT) in recent years have made information and communications networks essential to everyday life. This means that cyber attacks against these networks can have severe impacts on people’s lives.
For militaries, ICT forms the foundation for communications from the command center to all units, and advances in ICT mean that the armed forces are growing more dependent on information and communications networks. Militaries may also require the use of various critical infrastructures to carry out their missions, so cyber attacks on these infrastructures can create major obstacles for them. It is for these reasons that cyber attacks have been recognized as an asymmetric means of attack that can sabotage enemy military activities at low cost, and many militaries around the world are developing cyber attack capabilities.
Initiatives of the MOD/JSDF
The MOD/JSDF has engaged in holistic measures including the following: introduction of intrusion prevention systems, in order to ensure the safety of information and communication systems; development of defense systems, such as the security and analysis devices for cyber defense; monitoring of MOD/JSDF communications networks around the clock to respond to cyber attacks; enactment of regulations stipulating postures and procedures for responding to cyber attacks; research on cutting-edge technology; development of human resources, and collaboration with other organizations.
In addition to these initiatives, based on the National Defense Program Guidelines (NDPG), the JSDF will fundamentally strengthen its cyber defense capability, including the capability to disrupt, during an attack against Japan in time of emergency, the opponent’s use of cyberspace for the attack. Specifically, the Medium Term Defense Program (MTDP) stipulates 1 establishment of the necessary environment for ensuring cybersecurity, 2 keeping abreast of the latest information including cyber-related risks, counter measures and technological trends, 3 development and securing of human resources, and 4 contribution to whole-of-government initiatives.
1 To establish the necessary environment for ensuring cybersecurity and to secure functions of the system and network of the MOD/JSDF under any circumstance, it is necessary to expand units such as the Cyber Defense Group and strengthen information gathering capabilities and research and analysis, and to develop a practical training environment. To this end, the MOD/JSDF will continue initiatives such as 1. upgrade of information gathering devices for indications and techniques of cyber attacks, 2. enhancing functions of analysis devices for cyber protection taking advantage of AI and other advanced technologies, and 3. development of an environment for cyber exercises carried out as competition between an attack team and a defense team.
2 In order to respond to cyber attacks in a swift and appropriate manner, it is necessary to keep abreast of the latest information including cyber-related risks, counter measures, and technological trends through cooperation with the private sector as well as strategic talks, joint exercises, and other opportunities with allies and other parties, starting with the United States.
The “Cyber Defense Council” (CDC) was set up in Japan in July 2013. Its core members consist of around ten companies in the defense industry with a strong interest in cybersecurity. The MOD/JSDF and the defense industry have dealt with cyber attacks through joint exercises and other initiatives. The MOD/JSDF will further expand the cooperation.
Japan and the United States set up the Cyber Defense Policy Working Group (CDPWG) as a framework between the respective defense authorities. Under this framework, meetings have been held to discuss 1. promotion of policy discussions regarding cyber issues; 2. closer sharing of information; 3. promotion of joint exercises incorporating response to cyber attacks; and 4. matters such as cooperation for training and maintaining experts. In addition, Japan’s cooperation with the United States is to be further strengthened by such means as holding of the “Japan-U.S. IT Forum,” a framework between the defense authorities that has been in place since 2002, and dispatching liaison officers to the U.S. Army’s cyber educational institution.
Japan has held cyber dialogues with the respective defense authorities of the United Kingdom, Australia, the North Atlantic Treaty Organization (NATO), etc. Furthermore, Japan has participated in cyber defense exercises organized by NATO.
3 To train and secure human resources, the MOD/JSDF will work to 1. implement a common cyber course; 2. send personnel to study at universities, etc. in Japan and abroad; 3. hold a cyber competition to identify highly skilled cyber talents in the private sector; 4. ensure appropriate treatment for security and IT human resources who work as a bridge between highly professional human resources and general administration departments in the MOD; and 5. consider the utilization of external human resources through a public-private personnel exchange system to employ people with practical experience in private companies as well as contracts for service.
4 As the part of the Cyber Security Strategic Headquarters, which is placed within the cabinet, the MOD participates in cyber attack response training and personnel exchanges, and provides information about cyber attacks, etc. to the cross-sector initiatives led by the National center for Incident readiness and Strategy for Cyber Security (NISC) as well as sending personnel to the CYber incident Mobile Assistant Team (CYMAT) to contribute to whole-of government efforts.