A powerhouse of technological innovation, Japan is rightly recognized as a global leader in industrial automation, robotics, biomedical research, and artificial intelligence. However, outdated security infrastructure, a rapidly evolving cyber threat and a culture of sovereign pride undermine these achievements.
In autumn 2022, Chinese state-backed hackers compromised Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) system in a sustained attack that lasted until June 2023. The discovery of the breach couldn’t have come at a worse time — Tokyo is keen to deepen its military cooperation with the US, UK and regional allies.
Now, government cyber security experts in these nations are expressing reservations about Japan’s ability to handle data safely. Inflamed geopolitical tensions in the region aren’t helping — independence advocate Lai Chine-te’s victory in Taiwan’s presidential elections has seen the People’s Liberation Army staging the largest military maneuvers in weeks. This is a move the US will be keeping a close watch on.
While it was unclear exactly what data was compromised by the hackers, it is almost certain the state-funded “BlackTech” is infiltrating routers to gain undetectable backdoor access to the networks of companies in the US and Japan. The re-routes have been confirmed by the US National Security Agency, Federal Bureau of Investigation and Japanese police jointly during a cybersecurity advisory late in September 2023.
These Border Gateway Protocol (BGP) re-routes fall under the Harvest Now, Decrypt Later (HNDL) threat — where malicious actors collect and store sensitive encrypted data with the intention of cracking it later by using powerful quantum computers.
HNDL attacks can have dire consequences for critical sectors such as finance, energy, government and defense. And BGP rerouting attacks aren’t uncommon.
In 2020 data from corporations including Google, Amazon and Facebook were inexplicably siphoned through Russia. Four years prior, internet traffic heading to South Korea from Canada was ending up in China.
In the West, the race to develop post-quantum cryptography (PQC) is gathering steam. The US is leading the charge with the passing of the Quantum Computing Cybersecurity Preparedness Act, which outlines the steps federal government agencies must take when adopting technology to protect against quantum computing attacks.
The momentum created by this US-led legislation is now replicated in many European countries. Last March, the UK government launched a 10-year program to invest 2.6 billion pounds (US$3.3 billion) into the sector while Germany and France have invested more than $5 billion in research.
Unlike the US and its allies, Japan hasn’t placed the same focus on securing its networks with PQC, placing bilateral communications with the US at risk from a quantum attack.
Japan’s need to upgrade its entire cybersecurity defense is long overdue. The central government and private corporations should take this opportunity not just to keep up with but leapfrog other nations by creating their own, quantum-safe by design, end-to-end infrastructure that protects IP creation, business processes and day-to-day communications.
Market-ready solutions are available: Last year, a Hybrid PQ VPN was adopted by NATO to secure its comms from quantum attack.
Prioritizing cybersecurity should be high on Japan’s agenda, not only to appease its allies and earn a seat at the table as a global innovation leader once again but to ensure a resilient digital landscape in an increasingly turbulent world.
Andersen Cheng is the CEO of Post-Quantum, a cybersecurity company focusing on quantum-safe security and identity solutions. He was previously COO of the Carlyle Group’s European venture fund and a founding member of LabMorgan, the Fintech1.0 investment unit of JPMorgan.