Analysis: The glitch in Japan's plans to bolster U.S. defence
26/04/2024 03:42
By Kaori Kaneko, Tim Kelly and John Geddie
TOKYO, April 26 (Reuters) - As the United States faces
security threats across the globe, its close ally Japan has
committed to stepping up as a trusted defence partner - but
Tokyo's cyber and information security vulnerabilities remain a
concern, officials and experts say.
Japanese Prime Minister Fumio Kishida, who is overseeing a
once-unthinkable military build-up, told the U.S. Congress this
month that Tokyo was committed to helping its partner counter
challenges ranging from Russia's war in Ukraine to an
increasingly assertive China.
That came as the allies announced new areas of military
cooperation, including tapping Japan's industrial capacity to
bolster defence production and possibly developing new
technologies with AUKUS security partners Australia and Britain.
But Tokyo has suffered high-profile hacks in recent years
that have shut down its biggest port, breached servers at its
leading defence contractor, Mitsubishi Heavy Industries
7011.T , and even infiltrated the government's own
cybersecurity centre. Although Japan is not alone in being
targeted by such attacks, they have elevated long-held concerns
over whether Tokyo can fully support its security partners.
"It's really been an Achilles heel for Japan and the U.S,"
said Mark Manantan, director of cybersecurity and critical
technologies at the Pacific Forum think tank in Hawaii.
Japan faces an uphill battle in creating the systems and
finding the people it needs to plug these vulnerabilities,
officials and experts say.
Dennis Blair, the former U.S. director of national
intelligence, travelled to Tokyo in 2022 to address lawmakers
and journalists, telling them Japan's weak cyber defences were
the biggest liability in the countries' security alliance.
Later that year, Japan announced plans to recruit more
personnel for its cyber capabilities. But the pace of
recruitment seems set to slow, according to the latest defence
ministry figures, amid fierce competition for such workers and
high private-sector salaries.
A U.S. State Department spokesperson said Japan's "ability
to adequately protect sensitive data and information" would be
considered when identifying collaboration opportunities.
Asked whether Washington had raised such concerns with
Tokyo, Japan's defence and foreign ministries said they had been
communicating closely on the matter but declined to elaborate on
the discussions.
RECRUITMENT PROBLEMS
In 2022, Kishida unveiled a historic plan to double defence
spending over five years, including moves to quadruple its core
cyber defence force to about 4,000 people, backed up by 16,000
support staff.
Kazuhisa Shimada, a former vice defence minister and one of
the key architects of that plan, told Reuters the recruitment
target would be tough to hit within that time frame.
"When we came up with the number, our cybersecurity
officials were cautious," he said. "Japan as a whole lacks
cybersecurity human resources."
The defence ministry said in April it had recruited 2,230
core members so far and expects to add another 180 by March
2025, but was still aiming to hit its target. It did not say how
many support staff were in place.
Defence Minister Minoru Kihara has proposed easing physical
fitness requirements and offering salaries up to 23 million yen
($149,108), the same as a top bureaucrat, for cyber recruits.
But that is only half of what a senior industry expert can
earn, according to Itsuro Nishimoto, chief executive of Japanese
cybersecurity firm LAC Co., and unlike private firms the
government must hire only Japanese nationals.
Japan also said in 2022 it wants to pre-emptively hunt down
and neutralise potential cyber threats, many of which originate
beyond its borders, a tactic commonly used by its allies.
But the government has yet to submit the legal amendments to
parliament that would allow such strikes - controversial given
the country's pacifist constitutional constraints.
Akihisa Nagashima, a ruling party lawmaker and former deputy
defence minister, said those amendments may not reach parliament
until next year, which was disappointing given "Japan is getting
cyber attacks on a daily basis".
Japan's National Police Agency said the daily average number
of cases of suspicious internet access, a broad measure that
includes cyberattacks, hit a record of 9,144 last year, up from
a previous record of 7,708 in 2022.
SLOW PROGRESS
Expectations that Japan can step up international
collaboration on defence projects have been bolstered by Tokyo
recently relaxing rules on defence exports.
The country can now ship Patriot air defence missiles it
builds under licence back to the United States, for example, and
will let Britain and Italy export an advanced jet fighter they
are developing together.
Although it would be a leap for Japan to supply arms to a
country at war, the rule changes have opened the door for
overseas arms manufacturers to tap industrial capacity that was
once off limits.
Even that may be tangled in bureaucracy, however. Because
Japan does not have a system for companies to handle classified
information comparable to those of the U.S. and its other
allies, projects such as the fighter jet are done under
burdensome bespoke frameworks, said Jeffrey Hornung, an expert
in Japanese security policy at the Rand Corporation.
Legislation proposed in February is meant to remedy this,
but it could take up to five years for a new vetting system to
become operative, said Jun Osawa, a senior research fellow at
Nakasone Peace Institute in Tokyo.
"Japanese companies don't have a culture of handling
information that requires clearance, which takes more time,"
Osawa said.
All the hurdles add up, officials say, even as Japan
produces more weapons and regears its defence industry.
Former Pentagon official Bill Greenwalt dismissed as
"political theatre" the idea that Japan could be plugged into
Western security projects such as AUKUS.
"There is no chance to do so with Japan, whose security
apparatus is still in a peacetime mode and immature," he said.
(Reporting by Kaori Kaneko, Tim Kelly and John Geddie in Tokyo;
additional reporting by David Brunstromm in Washington; Editing
by Gerry Doyle)
((John.Geddie@thomsonreuters.com; +81 80 7264 2833;))