In August, Japanese and high-level U.S. security officials met for the first time as part of the U.S.-Japan Security Consultative Committee since President Donald Trump took office. Amid discussions of nuclear and ballistic missiles and international defense agreements, the officials addressed a growing problem among the two nations: cyberwarfare.
Japan and the U.S. have been close defensive allies since the post-WWII era. But the details of what constitutes a threat has changed in meaning as cyberattacks jeopardize both nations, promising to wreak physical and fiscal chaos if either nation is caught unprepared.
So when Secretary of Defense Jim Mattis, Secretary of State Rex Tillerson, Japanese Defense Minister Itsunori Onodera and Japanese Foreign Minister Taro Kono met at the State Department in August, it was taken as another sign that the two nations consider cybersecurity as important as land, air or sea defensive capabilities.
“Cybersecurity certainly wasn’t on the radar when the bilateral security treaty was signed in 1960, nor did it feature in the 1978 and 1997 Guidelines for U.S.-Japan Defense Cooperation,” said Stephen Herzog, a Yale University fellow at the Yale Project on Japan’s Politics and Diplomacy. “But the 2015 guidelines have an entire chapter on the need for collaboration to counter digital threats.”
In an age where computer systems run ballistic missile launches and where digital currency is as prevalent as physical cash, cybersecurity threats from nations like North Korea, Russia and China are real and ever-present concerns for U.S. servicemembers. According to Japanese public research institute National Institute of Information and Communications Technology, 128.1 billion cyberattacks were detected against Japanese targets in 2016 — double the amount of attacks from 2015.
The international WannaCry ransomware worm that affected about 150 countries this spring, which was reportedly tied to North Korea, highlighted the constant challenge nations face when trying to secure their cyber resources.
“National policies and strategies have not fully taken this development [of cyberwarfare] into account, and the challenge cybersecurity poses to the alliance is how to take a 20th-century alliance and remake it for the 21st century,” wrote James Lewis in a Center for Strategic and International Studies 2015 report.
Threats in the ‘60s, ‘70s and ‘80s mostly meant the potential for nuclear war. As the internet became pervasive, the U.S. implemented strategies to address cybersecurity, but Japan was slower on the uptake. The U.S and Japan created a Cyber Defense Policy Working Group in 2013 to address issues of cyberwarfare against the two nations, and Japan’s national governmental body, the Diet, passed the Cybersecurity Basic Act in 2014.
Herzog said the 2015 Guidelines for U.S.-Japan Defense Cooperation solidified cybersecurity’s place as a defensive tool and allowed for easier information sharing, consultation and response in the event of a cyberattack on either nation.
But cyber defense is still an emerging area of warfare, which makes it tricky to deduce traditional nomenclature like “threats.” Is a threat valid if only human lives or physical property are on the line? What about virtual property or state secrets? What constitutes self-defense in cyberwar?
The U.S. military works with Japanese military to share best practices about cybersecurity, to share intelligence about potential threats and to provide training. This helps both countries because they are interdependent both defensively and economically, Herzog said — trade between the U.S. and Japan totaled $270 billion in 2016.
“Widespread dissemination of information and communication technologies makes preventing cyberattacks difficult,” Herzog said. “Japan and the United States work together to ‘harden’ networks and critical infrastructure to reduce the likelihood of digital attacks breaching security perimeters and causing damage.
“Over time, such cooperation has moved from identifying threats and writing broad policy guidelines to combating hostile state actions, including the use of botnets and cyberespionage,” he added.
After a major cyberattack by Chinese hackers on Google in 2009, called Operation Aurora, Japanese officials began to take the threat seriously, he said. “What we see now are steps toward a whole-of-government cybersecurity approach in Japan, as the Abe administration wants the Tokyo 2020 Olympics to go off without a hitch.”