Over the years, Japan has repeatedly fallen victim to hackers. And as the 2020 Summer Olympic Games approaches, the attacks against the country’s cybersecurity defenses are alarmingly increasing.
According to John Kirch, regional director for North Asia at Darktrace, a security company – “In 2014, there were more than 25 billion cyberattacks in Japan, compared with 300 million in 2005” – including the attempt to take down Prime Minister Shinzo Abe’s website in December 2016, the hacking of around 100 websites in Japan by a loose online collective called anonymous, and the virus that hit Japan’s pension system leaking about 1.25 million pension records.
This sheer volume of cyberattacks does not only appear to be “overwhelming for the unprepared” but had, as well, proved humiliating for companies and institutions that had put consumer data at risk. Moreover, it poses a serious threat to national security.
To address the problem, PM Abe and his policy-makers have significantly enhanced Japan’s cyber-defense capabilities by pursuing multilateral cyber cooperation with the United States and other more countries. And recently, during his trip to Estonia in January, had announced to join the Atlantic alliance’s Cooperative Cyber Defense Center of Excellence.
However, it is argued that the huge cybersecurity issues that Japan faces more often come from “insiders” which makes the problems escalate to multiple levels. According to the experts – while bilateral and multilateral cooperation can help toughen the country’s responses to security challenges, the government must also look into the following “inside problems” if it wishes to truly strengthen its cybersecurity:
Japan needs to train more people to do the work needed to secure networks
The primary concern for Japan, according to Japan Today, is the lack of fully-trained staff to assure secure networks. As per the government estimate, there are currently 265,000 people who are working in cybersecurity. However, for a strong cyber-defense, the nation needs to have 350,000 fully-trained people – which means that an additional 160,000 need to be in training.
One factor that causes this problem is because in Japan, not until the university level that the students are exposed to computer programming – which for William Saito, special adviser to the prime minister on cyber issues, is a national security concern.
“We lack, some say, 80,000 cyber literate workers in Japan at a minimum. Not only are we losing competitiveness, efficiency, but obviously the IP that we lose via theft. Thus, it is a huge concern that we need to put immediate attention towards.”
More business executives need to be involved in cybersecurity discussions
There is a continued belief among Japanese companies that cybersecurity is an issue of information technology (IT) and has nothing to do with their business risk management. In other words, cybersecurity is often perceived as purely technical and has to be dealt with only by the IT people.
In line with this thinking, the 2013 KPMG cybersecurity survey reported that only 13 percent of the Japanese business executives strongly believe that they should be involved in talks about preventing cyber attacks.
In response to the problem, and because Japan is facing a shortfall of cybersecurity manpower with the 2020 Tokyo Summer Olympic Games nearing, the government “encourages business executives to take the cybersecurity measures as part of their social responsibility and raise cybersecurity awareness.”
The Japanese should be more exposed to the English language
The language barrier is certainly a problem. In discussing highly-technical or policy issues in non-native language, the Japanese find it really challenging to express themselves.
Professor Greg Austin from the Australian Centre for Cyber Security thinks that the Japanese language has been a barrier to overseas experts to express and share information.
“Where Japan lagged has been in what you might call the institutionalisation of cooperative strategies, both within Japan between the government and private corporations, but also between Japan and other countries.”
This problem also makes up the cybersecurity mindset gaps that exist between Japan and other countries that make it difficult for Japan to be visible.
Of course, when it comes to attacks from quasi-state actors, the reason is not just because of North Korea’s and Russia’s general sense of animosity or China’s disputes over territorial and Nanking issues, but because Japan is seen as a great threat because of its advanced capabilities. Considering the wide range of hacking: from defense information to emails and documents, Japan is a high-value target – technology, militarily, and economically.
So, what can Japan do?
While openness to foreign help makes a lot of difference, the willingness to acknowledge the problem and acting on them is the key for Japan to strengthen its cybersecurity.