Hit By Wave Of Online Attacks, Japan Shifts To ‘Active Cyber Defence’


ASIA NEWS NETWORK





 
Under the new strategy, Japan plans to allow hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers to neutralise the source of cyber attacks.

Japan aims to take a more proactive approach to cyber defence by allowing hackers working for the authorities to “attack” pre-emptively to prevent or stop sabotage attempts.

Under a new strategy of “active cyber defence”, Japan plans to allow hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers to neutralise the source of cyber attacks.

Prime Minister Shigeru Ishiba’s ruling Liberal Democratic Party (LDP) will table the relevant Bills when Japan’s parliamentary session begins on Jan 24.

The urgency to ramp up cyber security has never been more acute in Japan.

On Jan 8, the National Police Agency (NPA) said some 200 cyber attacks that targeted entities such as Japan’s foreign and defence ministries and the semiconductor industry between 2019 and 2024 were carried out by Chinese state-linked hacking group MirrorFace.

One day later, internet security firm Trend Micro said its investigations found that at least 46 Japanese entities came under cyber attack in the two weeks since Dec 26, temporarily disrupting banking services and even causing delays to Japan Airlines (JAL) flights.

Former defence minister Itsunori Onodera, now the chairman of LDP’s policy research council, said on Jan 16 that it is critical to quickly establish laws, given the recent spate of attacks.

He said: “With cyber attacks against critical infrastructure occurring one after another, the lives of Japanese people are at risk if we do not improve our cyber-security capabilities as soon as possible.”

The need for stronger cyber security was spelt out in Japan’s revised National Security Strategy document in 2022, which said cross-border hacks of critical civilian infrastructure amounted to a grey-zone situation designed to intimidate while stopping just short of a conventional war.

“Cyber attacks have been used constantly to disable or destroy critical infrastructures, interfere in foreign elections, demand ransoms and steal sensitive information, even in the form of state-sponsored cyber attacks,” the document said.

Domestic and foreign observers have long pointed to Japan’s cyber vulnerabilities, including a chronic shortage of highly skilled personnel, while private companies have generally been slow to upgrade systems to weed out weaknesses or program bugs.

It is now playing catch-up, including by raising awareness and drastically ramping up recruitment. The Ministry of Defence has sharply grown the SDF’s cyber unit from 620 people in March 2024 to about 2,400 currently. It aims to further expand its ranks to 4,000 people in the year ending March 2028.

This brings it roughly on a par with Western countries, with Japan’s Defence White Paper 2024 noting that the US has a 6,200-member cyber-defence force, while France aims to reach 5,000 people in 2025. But it also noted that China has 30,000 people in its cyber-attack force, and North Korea, 6,800 people.

Nonetheless, the hope is that an “active cyber-defence” strategy can fundamentally strengthen its fight against hackers by boosting public-private sector cooperation, especially in the 15 areas that Japan has identified as its core infrastructure. They include electricity, gas, railways, shipping, aviation, telecommunications and finance.

The tentatively named National Cyber Security Office, due to be set up in 2025, will serve as the control tower for cyber-security policy. It will, among other things, advise the private sector of any bugs or vulnerabilities that it comes across.

To address potential concerns about monitoring, safeguards are expected to be in place.

For one, except for ongoing attacks that call for urgent attention, sanctioned hackers will need prior approval to break into servers used by attackers, which may be housed overseas, to look out for and track potential malware infections and vulnerabilities, which could affect even personal devices.

Penalties will also be written into the law to prevent excessive monitoring and leakage of personal information or private communications.

Professor Kazuto Suzuki of the University of Tokyo’s Graduate School of Public Policy, whose expertise includes science and technology policy, told The Straits Times that Japan’s weakness is its “slow decision-making” on cyber-security issues, and it remains to be seen how the new strategy will improve things.

“Deterrence in cyber security is a tough call. We don’t know the intent, and we are not sure what kind of methods attackers may take,” he said. “Active cyber defence may create some fear in the attacker’s mind that there may be retaliation, but I don’t think that will be enough.”

The planned Bills come as the NPA on Jan 8 said it was “reasonable to conclude there was Chinese government involvement” behind the MirrorFace attack campaign, which it labelled an “organised attack with the primary objective of stealing information related to Japan’s national security or advanced technology interests”.

The NPA said MirrorFace had attempted to hack into computers by sending e-mails via Gmail or Microsoft Outlook with malicious attachments or links.

The senders’ addresses often mimic trusted – but stolen – identities and bear subject titles such as “Japan-US alliance”, “Taiwan Strait”, “Russia-Ukraine war” or “Free and Open Indo-Pacific”.

MirrorFace also exploited vulnerabilities in virtual private network settings, the agency added.

Besides government organisations, MirrorFace had also attacked the Japan Aerospace Exploration Agency, think-tanks, private companies, journalists and academics.

Separately, in July 2023, a Russian-led cybercrime organisation paralysed the Port of Nagoya – Japan’s largest shipping port by volume – for more than 48 hours.

Trend Micro has pinned the latest wave of cyber incursions on distributed denial-of-service (DDoS) attacks, in which network servers are deliberately overwhelmed with enormous amounts of data from multiple sources over a short period.

DDoS attacks can cause system malfunctions and bring down websites, which was what happened to JAL over six hours on Dec 26, when its check-in luggage services were disrupted and more than 70 domestic and international flights were delayed.

Financial services also suffered brief disruptions in late December with DDoS attacks on Mizuho Bank, MUFG and Resona Bank, while the Japan Weather Association said it was targeted on Jan 9.

Trend Micro said the DDoS attacks stemmed from a “botnet”, or a network of computers, routers, security cameras or other internet-connected devices that have been hijacked with malware. Hackers remotely control these botnet terminals simultaneously, taking down the target site with an overload of data.

“It is possible that the series of damage occurred within a single attack campaign, or even reconnaissance attacks, before a full-scale attack, although the situation is difficult to determine,” said Trend Micro security expert Katsuyuki Okamoto.
 
 
