Japan continues to deepen strategic cooperation with the North Atlantic Treaty Organization. Last week during a trip to Estonia, the first stop on a six-day tour that also took him to Latvia, Lithuania, Romania, Bulgaria and Serbia, Japanese Prime Minister Shinzo Abe announced that his country was going to join the Atlantic alliance’s Cooperative Cyber Defense Center of Excellence in Tallinn.
Japan is a key friend of NATO outside the Euro-Atlantic space, and will collaborate with its cyber-defense center as a partner state. The Estonia-based entity annually organizes the cyber-defense exercise Locked Shields, the world’s largest and most complex military drill in this field.
Cyber-security dialogue is part of Abe’s efforts to expand the scope of Japan’s collaboration with the Atlantic bloc. This is primarily centered on tackling North Korean nuclear and missile development, but the Japanese government is also looking to NATO for support against China’s military expansion in the China Seas and in the Indian Ocean.
Protecting national networks, infrastructure
Beijing is suspected of having launched large-scale cyberattacks on Japan in the past few years. Japanese networks, particularly devices linked to the Internet of Things, were the target of 128 billion cyber-raids in 2016, according to Japan’s National Institute of Information and Communications Technology, with the largest number originating from China. They stood at about 310 million in 2005, when the institute started monitoring cyber-incursions into Japan’s digital domain.
Japan is concerned that cyberattacks could damage critical infrastructure such as nuclear plants, hydropower dams, transportation systems, the power grid and communication networks. The Japanese government is also working to avert a possible digital sabotage of the 2020 Tokyo Olympics.
But the main concern for Japanese leaders is the protection of the Self-Defense Forces’ arms systems and facilities. Mitsubishi Heavy Industries, Japan’s biggest defense contractor, was the victim of a cyberattack in 2011 aimed at extracting data on missile platforms, submarines and fighter jets. Japan’s Defense Information Infrastructure, which connects military camps and bases across the country, was also hacked in the past, according to local media reports.
Estonia, NATO mull offensive cyber-capabilities
Tech-savvy Estonia can help Japan improve its cyber-defenses. The Baltic nation suffered large-scale digital attacks in 2007, which Russian hackers were blamed for even though there was no evidence to show the Kremlin orchestrated the operation.
Since then, Tallinn has strengthened its cyber-capabilities. It has a voluntary digital defense unit incorporated in the country’s reserve force, and will set up its own cyber-command by the end of the year. Only the United States, the United Kingdom, the Netherlands, Germany and France have a permanent cyber-structure within NATO.
The Estonian cyber-command will have both defensive and offensive capacities. NATO is also considering a more proactive approach to state-sponsored hacking against its systems and networks. Under its current rules of engagement, the Atlantic alliance can activate collective defense only against cyber-aggressions that constitute armed attacks, meaning that they have to bring about physical destruction like in a conventional warfare setting.
Euro-Atlantic leaders believe offensive cyber capabilities are now needed to face growing threats from Russian, Chinese and North Korean hackers, be it a state or non-state actor. This means that in the future NATO could defend its member states against a cyberattack through the destruction of enemy systems and networks – at the moment, the United States is the only NATO country to have deployed offensive cyber-weapons.
The problem for Japan is that the adoption of an offensive cyber posture could be met with a harsh response from adversaries in East Asia, where geopolitical competition is on the rise and armed confrontation is right around the corner.
What’s more, the country’s constitution limits the use of force to self-defense or, at most, to collective self-defense. In the second case, Tokyo could react to a cyberattack on US forces and structures only if it were to pose a threat to its own security.
Despite these limitations, it is likely that Japan will follow with great interest NATO’s internal debate on active cyber-defense. All the more so when the Abe administration is moving forward with the removal of postwar pacifist constraints on the military and the acquisition of autonomous strike capabilities for its armed forces.