An H-2A rocket equipped with the Hayabusa2 asteroid explorer is launched from the Tanegashima Space Center in Kagoshima prefecture, Japan, on December 3, 2014. Photo: AFP / The Yomiuri Shimbun

Cybersecurity has been a matter of much concern to Japan’s national-security establishment. And the government has vowed to do something about it.

In May it was reported in the Japanese press that between 2017 and 2019 the Japan Aerospace Exploration Agency (JAXA) was a target of a major cyberattack that also affected other Japanese entities.

The attack was allegedly coordinated by the Chinese military’s Strategic Support Force (SSF) and involved an information-technology professional from China and the notorious hacker group called “Tick,” which is believed to have ties with the Chinese state. 

Another major operational and information-security concern came to light in June when Japanese national Kazuo Miyasaka was arrested for passing high-tech military secrets, including documents related to the United States’ X-37B spaceplane, to alleged Russian intelligence agents. Miyasaka is believed to have accessed this information via (presumably digital) research databases. 

On September 27, the government of Japan adopted a revision to its draft cybersecurity strategy, which will remain a guiding document for cyber policymaking and administration across sectors in Japanese society for the next three years. The text makes familiar “whole of government” and “whole ecosystem” arguments for achieving cybersecurity goals.

The most notable feature of the strategy appears to be its un-hesitant designation of China, Russia and North Korea as cyber threats.

The strategy document says China’s cyberattacks are motivated by its desire to “steal information from companies related to the military and possessing advanced technology,” which is a clear recognition of intellectual-property (IP) theft perpetrated by the Chinese state worldwide.

For Russia, the given reason is that the country tries “to exert influence to achieve military or political aims” via cyberattacks, perhaps alluding to the alleged “gray zone” activities of the Russian state inside and beyond Japan’s borders. Although not a direct adversary to Japan, Russia dislikes Japan’s close ties to the US and would find jeopardizing their mutual trust and sharing of high-tech military secrets an amenable development.

Consistent with Pyongyang’s modi operandi elsewhere, the reason for the Democratic People’s Republic of Korea’s cyberattacks is highlighted as “to exert influence to achieve military or political aims or obtain foreign currency.” 

Examples are the cyberattacks and resultant theft of almost US$81 billion from Bangladesh’s central bank as well as the cyberattacks on Sony “in retaliation for the movie The Interview, a farcical comedy that depicted the assassination of the DPRK’s leader.”

Notably, the document also focuses on an often overlooked aspect of cybersecurity, the supply-chain risks that can severely limit the potential of a nation to access the benefits of modern digital communication technologies. Some scholars argue that the dimension of a “cyber blockade” could also be partly physical, affecting digital communications infrastructure.

In the post-pandemic world with an ongoing semiconductor shortage affecting all industries and walks of life, the concern is timely, and will likely pop up in similar strategic publications elsewhere in the world too.

The Indo-Pacific strategic grouping known as the Quadrilateral Security Dialogue, of which Japan is a member, has held significant deliberations on the topic of high-tech collaboration. Semiconductor supply chains and cybersecurity cooperation find prominent place in the latest fact sheet released after the first ever physical meeting of Quad leaders too.

It is also worth noting Japan’s bilateral engagement with its Quad partner India, which may result in a separate cybersecurity agreement.

These consolidated moves on cybersecurity and high-tech cooperation by Japan, unilaterally, bilaterally and in multilateral fora like the Quad are nothing short of impressive.

In recent years Japan has also been more open to involving its Self-Defense Forces (SDF) in domains like cybersecurity that represent a gray area between civilian and military space. The text asserts that the “SDF will strive to fundamentally strengthen cyber defense capabilities, for example, by enhancing the posture of cyber-related units.”

In conclusion, the document also alluded to Japan’s desire to develop and field “capabilities to detect, investigate, and analyze cyberattacks so that Japan can identify the attackers and hold them accountable,” thus elevating the posture from a merely defensive level to one of active enforcement. 

All views expressed here are personal.

Aditya Pareek is a research analyst at the Takshashila Institution, an independent, networked think-tank and public-policy school based in Bangalore.