Pages

3 May 2015

The Evolving U.S.-Japan Strategy in Cyberspace

April 29, 2015

The revised U.S.-Japan Defense Cooperation Guidelines, released Monday, define how both countries will address growing cybersecurity concerns in the Asia Pacific. Decreasing the threat from cyberattacks is of paramount strategic interest to both nations. As Japan becomes more active in its self-defense, the new guidelines help clarify strategic relations between the two allies.

The revisions take into account the changing scope of potential threats, with the addition of defense cooperation in space and cyberspace. Chapter 4 of the guidelines declares a mutual cooperation in sharing cybersecurity information and in protecting infrastructure critical to U.S. Forces Japan (USFJ) and to Japan's Self-Defense Forces (SDF). However, the United States and Japan currently define critical infrastructure differently - the defense industrial base is not included as Japanese critical infrastructure.

In cybersecurity, information sharing is critical. Japan is unlikely to use offensive cyber measures to pre-emptively deter any cyberthreat. The two governments plan to streamline information sharing about cyberthreats and vulnerabilities. There are signs that Japan may change its mind on pre-emptive cyberdefense in the future, as the United States leans towards pre-emptive cyberattacks to protect its critical infrastructure. If Japan were to come under a major cyberattack, the SDF would take the lead in cyberdefense, with USFJ available in a supporting role if necessary. Meanwhile, the revised guidelines have already begun to outline Japan's role in its own right to collective self-defense, stating that Japan will help defend other countries by intercepting ballistic missiles.

A New U.S. Strategy

Monday's release of the revised Defense Cooperation Guidelines came less than a week after the U.S. Department of Defense published its 2015 U.S. Cyber Strategy. That document identified three mission goals: to defend Department of Defense networks, to defend the United States from cyberattacks, and to support military operations and contingency plans. The revised cyber strategy calls for continued growth in U.S. Cyber Mission forces (CMF) -from the current 3,000 in U.S. Cyber Command to 6,000 by 2016. Bear in mind that budget constraints have already delayed the CMF buildup called for in 2013. Also, these numbers do not include the cyber forces already stationed within each of the U.S. service branches.

The U.S. cyber strategy lays out five strategic goals, and Goal 5 prioritizes the Asia-Pacific:

"Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability."

While the document calls for strengthening the cyber dialogue with China, it also highlights the need to help allies such as Japan build resiliency in their networks and their critical infrastructure. And though diplomatic measures, such as economic sanctions, for countering or deterring cyberattacks are mentioned, the cyber strategy emphasizes that the United States will use the totality of its cyber capabilities (including pre-emptive measures) to deter state and non-state actors.

With cyberattacks increasing against the financial and health sectors - and in the aftermath of last year's North Korean attack on Sony - cyberthreats have become a huge concern for U.S. and Japanese interests. Unlike kinetic attacks, cyberattacks happen in a matter of seconds and are detected less often before they have already struck.

Japan's location makes it a prime target for cyberthreat actors in the Asia-Pacific from Russia, North Korea, and China - actors who potentially destabilize the region outside of just cyberspace. For now, Chinese hackers tend to focus on cyberespionage, targeting political information and intellectual property rights. Russian hackers are also politically focused, with Russian criminal hackers interested in targeting financial and personal information for their own financial gain. North Korean hackers, though, have arguably been at cyberwar with South Korea - launching cyber attacks against the media and against nuclear power plants.

In 2014 Japan experienced more than 25 billion cyber attacks - 10 billion thought to originate in China. Earlier this month, cybersecurity firm FireEye reported on Advanced Persistent Threat 30 - a China-based, possibly state-sponsored, team that has been spying on key economic, political and strategic interests in East and South Asia since 2005. And new threats keep coming. Interpol has warned that a virus which drains financial accounts through ATM machines (and which has already filched $800 million from accounts in the U.S. and Europe) will soon be at Japan's doorstep.

It is clear that the United States and Japan continue to share a strong strategic, economic, and diplomatic relationship - highlighted by Prime Minister Shinzo Abe's visit to Washington this week. The Defense Cooperation Guideline revisions will help secure the strategic interests of both countries. The new understanding of cooperation in cyberspace will help clarify the roles the United States and Japan will play in the Asia-Pacific region. Cyberthreats will persist in the foreseeable future, but U.S.-Japan cooperation in countering potential cyberthreats will likely reduce the risk to both countries, and to their critical infrastructure.

Riley Walters is a researcher in The Heritage Foundation's Allison Center for Foreign and National Security Policy Studies.

No comments:

Post a Comment