The US and Japan have established a policy covenant that’s meant to be a shared defense pledge—with the US lending its cybersecurity expertise to the cause in an ongoing fashion.
In the event of a serious cyber-incident that threatens the security of either nation, including as part of an armed attack, the Japanese Ministry of Defense (MOD) and the US Department of Defense (DOD) will cooperate on a response. In particular, the DOD will support Japan’s defense efforts via all available channels, as appropriate, especially when it comes to sharing expertise and threat intelligence.
The news comes as Japan’s Pension Service announced that its staff computers were improperly accessed by an external email virus, leading to the leak of some 1.25 million cases of personal data.
This is a watershed moment for Japan, which, while being a nexus for all things digital and gadgety, falls behind in cybersecurity. “The APAC region and Japan in particular has been a region that is resistive to the adoption of modern security technologies,” said Philip Lieberman, president at Lieberman Software, in an email. “The breach at Sony is typical of a culture that does not recognize the risks they are taking in [a] world of Internet connected systems. As a company we see the APAC region as an especially attractive region for criminals to exploit based on their wealth as well as lack of security.”
Japan wants to take the target off its back.
“We note a growing level of sophistication among malicious cyber actors, including non-state and state-sponsored actors, who are increasingly willing to demonstrate their intent and ability to do harm against information systems, critical infrastructure and services upon which our people, economies, governments and defense forces rely,” the two agencies said in a joint statement.
In the past, the MOD and DOD have cooperated on information assurance, defensive cyberspace operations and information security, and have been building a “common understanding of their respective missions in cyberspace,” they noted. But an enhanced information-sharing approach will include best practices on military training and exercises, education and workforce development.
This may include site visits and joint training and exercises.
“The MOD and DOD will ensure the resiliency of their respective networks and systems to achieve mission assurance,” the two added. “The MOD and DOD, mindful of whole-of-government efforts and in cooperation with other relevant government agencies, also intend to explore ways to strengthen cybersecurity for mission assurance and share best practices in mission assurance and critical infrastructure protection.”