Japan-U.S. security talks likely to highlight Tokyo's cyber-defence woes

Reuters

By Ruairidh Villar

TOKYO, Oct 3 (Reuters) - Top U.S. security officials meettheir Japanese counterparts on Thursday as concerns are growingthat the hosts can not protect themselves from maliciousinternet hackers.

Cyber security is on the agenda when the military anddiplomatic chiefs of the two countries hold their first jointmeeting in Japan. But even Japanese officials acknowledge theycan not keep up with the proliferating threat of attacks oncomputer networks from private or state-sponsored hackers.

"Cyber attacks are getting more and more sophisticated, andsometimes we cannot defend against them using the systems wecurrently have in place," said Kazunori Kimura, the DefenseMinistry's director of cyber-defence planning.

"I don't have enough people, equipment or money to do thejob," Kimura told Reuters TV. "Attacks using viruses have becomeincreasingly difficult to detect."

Attacks so far appear mostly to have allowed intruders tosnoop and steal files, experts say. But the attacks could becomemore dangerous, paralysing essential computer or communicationssystems.

Japan's lack of effective cyber defence overhangs Thursday'smeeting of Secretary of State John Kerry and Defence SecretaryChuck Hagel with their counterparts, Foreign Minister FumioKishida and Defense Minister Itsunori Onodera.

The "2+2" meeting aims to set a framework for revising thetreaty allies' security guidelines to "update and renovate them"in line with "new challenges" that have arisen in the more than15 years since the Cold War-era agreement was first revised,said a senior State Department official.

This includes co-operation in space and cyberspace, wherethe two sides are seeking agreement on "enhanced informationsecurity," the official told reporters en route to Tokyo.

The Japan-U.S. Security Consultative Committee Meeting comesat a delicate time for both countries' relations with China, acountry often accused of being a leading proponent of internethacking.

U.S. relations with China have been strained by Washington'saccusations that Beijing engages in cyber theft of tradesecrets. China rejects the accusations and is itself angered byrevelations by fugitive former U.S. spy agency contractor EdwardSnowden of U.S. electronic surveillance activities in China andHong Kong.

At the same time, relations between Japan and China are attheir lowest ebb in years over disputed islands in the EastChina Sea controlled by Japan.

Japan suffered well publicised cyber attacks in the past,such as breaches of parliament and military contractorMitsubishi Heavy Industries Ltd in 2011.

In fact, attacks on the Japanese government are continuingconstantly. Government networks were hit by some 3,000 potentialattacks a day in 2012, more than double the number of previousyear, says the Cabinet Secretariat, which staffs a small,24-hour cyber-surveillance team.

"The Defense Ministry gets hacked every day, but all they dois watch and then after the fact simply report that there hasbeen an attack," said an outside contractor for the ministry,who declined to be identified because of the sensitivity ofdiscussing the issue.

Partly this is a result of Japanese laws that do not allowvictims to "hack back" at cyber-attackers.

"We can't even investigate who is doing the hacking," saidItsuro Nishimoto, chief technical officer at LAC Co, aTokyo-based IT security firm that says it monitors 750 clients,including government entities and businesses.

But the outside contractor said the problem runs muchdeeper.

"There's no one at the Defense Ministry who understandscyberspace," he told Reuters TV. "It's more than a problem ofmoney or staff - they just don't have any interest in it."

Japan has taken some steps to beef up its cyber defence,such as setting up a Cyber Security Group in the DefenseMinistry, expected to be operational next year.

The ministry and Japan's military "are developingintrusion-prevention systems and improving security and analysisdevices for cyber defence," according to this year's defencewhite paper, although it says further enhancements are needed tokeep up with the escalating threat.

The Defense Ministry is seeking a budget increase tocentralise its loose array of about 100 cyber analysts. But sofar it only monitors its own internal network, which safeguardssecrets from ballistic missile-defence to joint technologydevelopment with the United States.

Japan's friends are wary.

"We've got some concerns about Japan's cyber security," saida British official involved in cyber security. London and Tokyorecently signed a joint weapons-development treaty.

"Japan has the structures in place - it's very good atthat," the official said. "But it needs more situationalawareness. It has zero capability."

View Comments