Former JGSDF Major General – The Diplomat

It has long been said that cyberspace is the “fifth battlefield” after land, sea, air and space. Its importance is only growing.

In the case of Russia’s aggression in Ukraine, fake news became a new bullet, flying across the internet and sparking a “digital war” on a historically unprecedented scale. Everyone’s smartphone screen has become one of the main battlegrounds. The “cognitive war” that manipulates public opinion by pushing a vast information war is unfolding. This “cognitive domain” is now called the “sixth battlefield”.

However, Japan’s efforts to bolster cybersecurity appear to lag far behind not only those of major Western nations, but also similar efforts by China, North Korea and Russia. For example, Japan’s Self-Defense Forces (SDF) just launched a new Cyber ​​Defense Command in March 2022 by combining existing cyber units from the land, air and sea SDFs, but the command is only 540 strong.

As cyberattacks become more serious, what security measures should the Japanese government and companies take?

The diplomat recently met with Major General Tanaka Tatsuhiro, former commanding general of Japan’s Ground Self-Defense Signals School and current research director at the National Security Institute of Fujitsu Systems Integration Laboratories in Tokyo.

Like this article ? Click here to register for full access. Just $5 per month.

Tanaka stressed the need to create a “cyber ministry” to eliminate the harmful effects of vertically divided ministries and agencies and build a more integrated cyber defense system nationwide.

Japan’s military capabilities are still severely limited by its post-war constitution, and debate continues as to how far it will defend itself in cyberspace. However, in the event of an emergency – an eventuality in Taiwan, for example, which is becoming increasingly likely – there is a risk that Japan could be the target of cyberattacks. As Tanaka points out, if the cyber defense system is not strengthened, critical infrastructure such as electricity and telecommunications could easily become dysfunctional. His proposal for the creation of a new cyber-ministry deserves attention.

The interview was conducted in Japanese and has been translated into English.

In the midst of the current war in Ukraine, the importance of “cyberspace” and “cognitive warfare” has once again been recognized. What do you think of the situation?

The most important point is that the information age has arrived and digitization is advancing. First, we need to be aware of what has changed with digitization.

On the one hand, we can physically recognize a face as a face and a hand as a hand, but when we scan them and place them on a device, they are all represented by ones and zeros. Any color can be artificially processed using the three primary colors of red-green-blue light.

In other words, what we see in the real world is not the same as a digitally created virtual or imaginary image. There is “cognition” in it. How you perceive and what you believe is important.

Second, as the information age evolves with digitalization, all activities rely on the Internet space. If the cyberinfrastructure is crushed, all activities will stop. We must defend the cyberinfrastructure and the electricity that supports it. These two points became clear in the war in Ukraine.

The number of cyberattacks targeting businesses is increasing here and elsewhere. What is the biggest challenge for Japanese companies in promoting cybersecurity measures?

There is a problem of how to promote changes in the consciousness of business people, including management. In the past, the idea was to find a balance between strengthening cybersecurity and its costs. However, if cybersecurity is seen as a cost to business activities, security can be relaxed to reduce costs. If the company’s network infrastructure is damaged, it will not be possible to perform the activities.

Like this article ? Click here to register for full access. Just $5 per month.

One may want to cut spending on cybersecurity, especially after it has been accident-free for some time. But it would be better to come to think that there is an additional value created by cybersecurity – having zero accidents will increase the value of the company. Spending on cybersecurity is therefore not a cost but an investment.

You advocated for the creation of a Ministry of Cybersecurity to protect and strengthen cyberinfrastructure nationwide, although Japan already has the Digital Agency. Why is that?

When we think about the advent of the information age and what the internet has brought us, there is a horizontal structuring of society. And all activity is based on this horizontal structure. It is a great change that is taking place on our planet.

However, administrative organizations and general social activities still inevitably follow old values, rules and their own sensibilities. They strive to stick to their own positions. But we can have a more synergistic effect by strengthening horizontal cooperation and doing things faster. As things stand, we cannot easily create high added value.

We need to think more seriously about how to strengthen infrastructure. In this sense, we need a strong cybersecurity infrastructure. And since the information space is full of different types of information, including big data, we can use it to look at information from across the country. This also includes efforts to deal with the real and virtual images mentioned at the beginning and the response to information warfare.

This can only be done by a cyber ministry, not by the Digital Agency. We need to strengthen cyber infrastructure by making it an organization on par with other government departments. More ideally, given the current social structure, the Ministry of Cybersecurity should be at the top, with other offices attached to it.

The National Cyber ​​Security Incident Preparedness and Strategy Center (NISC), located in the Cabinet Secretariat, is not a command center for cyber defense, but a coordination-based organization to respond to situations. Instead, we need an organization that maintains a solid infrastructure for crisis management. When a cyberattack brings down a power grid somewhere or a service provider goes bankrupt, we don’t need coordination, but command and control that can take the necessary action. We should aim to establish a large ministry with significant powers and responsibilities.

The SDF has the Cyber ​​Defense Command, but it aims to protect MoD and SDF systems from cyber attacks. It’s not enough to defend the nation’s cyber infrastructure as a whole, is it?

This issue is being resolved. Japan is a country of laws and regulations, so the mission must be defined in law. We need to get the Diet to thoroughly discuss what to do with the mission outside the territory of the Self-Defense Forces and then hand over the mission to the SDF within the framework of the law. Laws cannot be extended at will.

The Japanese government has formulated a cyber security strategy and indicated a policy to deter malicious cyber attacks by imposing timely costs. Cyber-retaliations are ruled out as it would be a big national controversy.

As a countermeasure, such cyber-retaliation is supposed to make the adversary aware of the cost of an attack, so that the enemy concludes that it is not worth it.

The United States has already clearly demonstrated the exercise of the right of self-defense in cyberspace. For example, the United States has indicated that if a nuclear power plant is destroyed by a cyberattack, the nation would not hesitate to retaliate physically. In Japan, the debate has not boiled. We are considering the possibility of imposing economic sanctions. Overall, the increase in resilience is believed to have a deterrent effect.

In addition, National Defense Program guidelines state that the SDF will fundamentally strengthen its cyber defense capability, including the ability to disrupt the adversary’s use of cyberspace for an attack on Japan in an emergency. Currently, there is some debate over what kind of specific abilities he will possess.

Comments are closed.