Cyberspace has been called the “fifth battlefield” after land, sea, air and space. Its importance will only increase.
In the case of Russia’s invasion of Ukraine, fake news has become the new bullet, flying across the internet and sparking a ‘digital war’ on a historically unprecedented scale. Each person’s smartphone screen is one of the main battlefields. A “cognitive warfare” is being waged to manipulate public opinion by promoting large-scale information warfare. This “cognitive realm” is now called the “sixth battlefield”.
However, Japan’s efforts to strengthen cybersecurity appear to lag far behind similar efforts in China, North Korea and Russia, as well as major Western countries. For example, the Self-Defense Forces just launched a new Cyber Defense Command in March 2022 by integrating the existing cyber-related units of the Ground Self-Defense Force, Air Self-Defense Force, and Maritime Self-Defense Force, but the command only has 540 personnel.
As cyberattacks become more serious, what security measures should the government and Japanese companies take?
The diplomat recently met with Major General Tatsuhiro Tanaka, former commander of the Ground Self-Defense Force’s Signal School and current research chief of the National Security Research Laboratory at Fujitsu Systems Integration Laboratories in Tokyo.
Tanaka emphasized the need to establish a “cyber ministry” in order to eliminate the harmful effects of vertically divided ministries and agencies and build a more integrated nationwide cyber defense system.
Japan’s military power remains severely limited by its post-war constitution, and debate continues as to how far it can defend itself in cyberspace. However, in the event of an emergency, for example, an emergency in Taiwan becomes more likely, there is a risk that Japan will become a target for cyberattacks. As Mr. Tanaka points out, critical infrastructure such as power and communications can easily fail without strengthening cyber defenses. His proposal to create a new cyber ministry is noteworthy.
The interview was conducted in Japanese and translated into English.
The importance of “cyberspace” and “cognitive warfare” has been reaffirmed in the current Ukrainian war. What do you think about this situation?
The most important point is that the information age has arrived and digitalization is progressing. First, we must recognize what has changed due to digitization.
For example, we can physically recognize a face as a face and a hand as a hand, but when they are digitized and placed on a device, they are all represented by 1’s and 0’s. Any color can be artificially processed using the three primary colors of light: red, green, and blue.
In other words, what we see in the real world is not the same as a digitally created virtual or imagined image. What we perceive and how we believe is important.
Second, as the information age evolves with digitization, all activities are dependent on the internet space. When the cyber infrastructure collapses, all activity comes to a halt. We must protect our cyber infrastructure and the power that underpins it. These two points became clear in the war in Ukraine.
The number of cyberattacks targeting businesses is increasing everywhere. What are the biggest challenges facing Japanese companies in promoting cybersecurity measures?
The challenge is how to reform the mindset of business people, including managers. Until now, there has been an idea of how to balance the strengthening of cybersecurity with its cost. However, considering cybersecurity as a cost of doing business, security may be relaxed to keep costs down. If your company’s network infrastructure is damaged, you will not be able to carry out your activities.
You may want to spend less on cybersecurity, especially if you haven’t had an accident in a while. However, it is better to start thinking about the added value that cybersecurity creates. In other words, zero accidents increase corporate value. So spending on cybersecurity is really an investment, not a cost.
Japan already has a digital agency, but has advocated for the establishment of a cyber ministry to protect and strengthen the nation’s cyber infrastructure. why is that?
Given the advent of the information age and what the Internet has brought us, the structure of society is lateral. And all activity depends on that horizontal structure. This is a major change taking place on our planet.
However, administrative organizations and general social activities are still forced to follow old values, rules, and unique sensibilities. They try to stick to their positions. However, by strengthening horizontal cooperation and increasing speed, a synergistic effect will be created. In the current situation, it is not easy to create high added value.
We need to think more seriously about how we can strengthen our infrastructure. In this sense, you need a strong cybersecurity infrastructure. In addition, the information space is full of various information, including big data, so you can see information from all over the country. This includes the response to the real and virtual images mentioned at the beginning, as well as the response to information warfare.
This can only be done by the Cyber Ministry, not by a digital agency. We must strengthen our cyber infrastructure by becoming an organization that stands shoulder-to-shoulder with other ministries and agencies. More ideally, given the current social structure, the Cyber Ministry should be at the top, with other bureaus attached.
The Cyber Security Strategy Center (NISC), located in the Cabinet Secretariat, is not a command center for cyber defense, but a coordination-based organization for responding to situations. Instead, we need an organization that maintains a solid infrastructure for crisis management. If a cyberattack brings down a power grid somewhere or bankrupts a service provider, what you need is not coordination, but command and control that can take the necessary action. We should aim to establish large ministries with large powers and responsibilities.
The Self-Defense Forces have a Cyber Defense Command, whose purpose is to protect the systems of the Ministry of Defense and the Self-Defense Forces from cyberattacks. Protecting a nation’s cyber infrastructure is not enough, right?
This issue is currently being sorted out. Japan is a country of laws and regulations, so we must define our mission by law. What to do with the SDF’s extraterritorial missions should be thoroughly debated in the Diet and entrusted to the SDF within the limits of the law. Laws cannot be expanded arbitrarily.
The Japanese government has formulated a cybersecurity strategy and has shown a policy of deterring malicious cyberattacks by imposing fees in a timely manner. Excluded cyber retaliation as it would be a major national controversy.
As a countermeasure, such cyber retaliation is supposed to make the adversary aware of the cost of the attack so that the adversary decides it is not worth it.
The United States has already demonstrated its right to self-defense in cyberspace. For example, the United States has shown that if a cyberattack destroys a nuclear power plant, the country will not hesitate to take physical retaliation. In Japan, the debate is not boiling. We are also considering the possibility of economic sanctions. Overall, there is an idea that improving resilience is a deterrent.
In addition, the National Defense Program Guidelines stipulate that the SDF’s cyber defense capabilities will be fundamentally strengthened, including the ability to interfere with the other party’s use of cyberspace in an attack against Japan in the event of an emergency. Currently, it is being debated what kind of ability it has.