The Daily Yomiuri publication cites the apparent hack of computers belonging to the Agriculture, Forestry and Fisheries Ministry in January last year. Nearly a year later, it says, the ministry “has yet to announce that the attacks actually took place.”
Stolen documents may have included Japan’s policy on whether or not to participate in the hugely controversial Trans-Pacific Partnership (TPP) free trade negotiations – which activists believe carries on where the now-defunct ACTA trade agreement left off. One of the documents describes remarks exchanged between then Prime Minister Yoshihiko Noda and Motohisa Furukawa, state minister for national policy. “The document states,” reports Yomiuri, “that Furukawa replied: ‘There is no point in delaying the announcement. We have to make the announcement in November [2011]. I will tell agriculture minister Michihiko Kano about it myself.’” Noda did indeed announce Japan’s decision to talk to participating countries about Japan’s possible participation that November.
The problem for Yomiuri is that while the government sometimes discloses that it had been attacked, this is usually to claim a successful defense. “A senior member of the Cabinet Office's National Information Security Center, which is in charge of the nation's information security policies,” it reports, “questioned whether it was appropriate for the ministry not to inform the public of a case that may have been a theft of important information in which the assets of the nation were exposed to danger, even while announcing a case in which there were no tangible ill effects.”
Under the government's unified rules on administrative organizations, established in April 2011, prescribed measures are required when they come under cyber-attack – but it is not specified whether the organizations should reveal such cases to the public, or what standards they should follow in doing so. “At a time when electronic espionage is rampant,” concludes the Daily Yomiuri, “Japan falls far short of managing confidential government information in an integrated fashion. Individual government ministries and agencies are left to take cybersecurity measures on their own. Officials are increasingly worried about the nation's state of defenselessness.”