Japan-US cyber cooperation needs urgent update

Author: Mihoko Matsubara, Pacific Forum CSIS

Japan and the United States urgently need to advance their cyber security cooperation. They are the first and third largest economies in the world, and their economic strength and national security cannot survive without computers or the internet. If their cyber security fails it would have negative consequences for regional security and economics. The two countries are also responsible for setting an example the region can follow, as cyber threats continue to mount and governments become more interested in finding a way to counter borderless threats.

Yet Japan and the United States are struggling with their cyber security cooperation at the military-alliance level. The good news is that bilateral discussions have increased; the bad news is that concrete action is virtually non-existent – at least from public reports – especially on the Japanese side.

In keeping with these discussions, the Japanese defense minister, Itsunori Onodera, and US secretary of defense, Chuck Hagel, met to discuss bilateral cooperation on cyber security in parallel with the Japan–US Security Consultative Committee (SCC) meeting on 3 October 2013. They agreed to establish the Cyber Defense Policy Working Group and commence biannual dialogues between the Japanese Ministry of Defense and the US Department of Defense. The working group will share information on cyber threats and other defence-related topics, and should help to strengthen collaboration within the industry. Education and training will be another pillar of the new working group, although it will only occur in one direction; the Japan Self-Defense Forces (SDF) will reportedly send officers to the US Cyber Command to learn about cyber defence because they believe this is where cyber security education and technologies are most advanced.

The Japanese and US governments also plan to revise their Guidelines for Japan–US Defense Cooperation. Japanese and US defence and foreign affairs officials started working-level discussions on this topic back in January 2013, and the new working group is expected to take a further year to specify what else needs to be included on the cyber security front. A potential scenario that should be considered is a cyber attack on information and communications infrastructure in SDF or US military bases. But when Japanese capabilities do not even allow the Ministry of Defense or SDF to accept US military officers for cyber defence training, it is questionable how well the SDF and US forces could really work together in the event of such a crisis.

Bilateral cooperation between Japan and the United States is far from achieving an operational and reciprocal level. If collaboration were reciprocal, both governments would exchange officers for education and training. If it were operational, information on potential threats or defensive methods would be shared more effectively. And the new working group would not need to serve as yet another piece of the puzzle.

More than two years have passed since an SCC meeting in June 2011 publicly acknowledged the importance of bilateral cyber security cooperation. But the development of this bilateral cooperation has been slow. Of course, all governments are now striving to establish effective cyber defences and better information-sharing, and bilateral or multilateral cooperation requires more coordination and therefore takes longer to develop.

But for the United States and Japan the slowness is alarming for three reasons. First, Japan is expanding cooperation on cyber security issues with other international partners, namely ASEAN, India, NATO and the United Kingdom. If Japan finds it challenging to exchange information on cyber threats with its only formal ally, the United States, it will be even more difficult to share sensitive information with non-allied countries.

Second, Japan has been unable to take advantage of the past two years to improve its protection of national defence- or diplomacy-related secrets. Without robust assurances, no country will share sensitive information with Japan. The current Abe administration plans to submit a legislative bill to raise the penalty for government officials who leak national secrets. Yet Japan currently lacks an overarching security clearance system for its different agencies — although the government recognises the necessity of changing this situation.

Robust assurances about confidentiality would also provide a basis for improving intelligence capabilities. Outside Japan, it is taken as a given that the intelligence community gathers and analyses a wide variety of sources to discern who is behind particular cyber attacks and how particular systems have been exploited. In sharp contrast, Japanese citizens abhor the word ‘intelligence’, associated as it is with pre-war censorship.

Third, governments are now demanding greater assurances following the Edward Snowden affair. His leaks sent shockwaves through governments around the world and raised awareness of insider threats. Yet the Japanese government has not expressed any specific commitment to improve its security measures.

The outcome of the October 2013 SCC meeting reflects the relative immaturity of bilateral cyber security cooperation between the United States and Japan. Until the latter breaks its current negative spiral and implements effective intelligence reforms, Japan’s international cyber security cooperation will not be able to advance fast enough to keep up with the present dynamic cyber era.

Mihoko Matsubara is a cyber security analyst and adjunct fellow at Pacific Forum CSIS