Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Geo Focus: Asia

Japan to Spearhead Pan-Asian Anti-Cyberattack Coalition

Japan Explores International Partnerships to Beef Up Security Resources
Japan to Spearhead Pan-Asian Anti-Cyberattack Coalition
The Tokyo skyline (Image: Shutterstock)

Japan is pinning hopes on international and regional partnerships to spearhead a pan-Asian counter-cyberattack grid as the country races to find solutions to rising cyberattacks and a declining technology workforce.

See Also: OnDemand | New Phishing Benchmarks Unlocked: Is Your Organization Ahead of the Curve in 2023?

Japanese Prime Minister Fumio Kishida recently returned from a four-day trip to the United States, where he sealed a trilateral pact with the U.S. and the Philippines that promises to give Japan a major boost in cyber defense.

Kishida said the three-nation summit established the Japan-U.S.-Philippines Cyber and Digital Dialogue and enabled further cooperation in the cyber domain as part of an allied push towards meeting economic and security-related challenges from regional foes such as China.

The joint summit followed the U.S. and Japan setting up another high-level cyber consultative body with South Korea in a summit held at Camp David in August. The three nations pledged to strengthen joint response capabilities to prevent North Korea from using cyber activities to fund its weapons development program (see: US, Korea and Japan Team Up to Fight DPRK Cyberattacks).

In recent days, Japan has also sought participation in international cybersecurity exercises, including the NATO-led "Locked Shields" live-fire cyber defense exercise, and it plans to host cyber exercises involving the Self-Defense Forces, U.S. forces and other participants.

Woeful Cybersecurity Defenses

Japan's move to international partnerships comes amid the country's declining capability to respond to cyberattacks in recent years.

The country released its first cybersecurity strategy in 2015 and enhanced annual defense budgets to boost its cybersecurity workforce, but incidents of hacking of government agencies and private organizations have forced a change in how the government plans to respond to such attacks.

In 2021, suspected Chinese state actors gained access to the data of multiple Japanese government agencies and public sector organizations after they breached a Fujitsu collaboration and project management software used by hundreds of organizations to run digital projects. The Ministry of Land, Infrastructure, Transport and Tourism said the hackers accessed at least 76,000 government emails and proprietary documents.

Cybersecurity company Rapid7 said last year that Japan faces disproportionate state-sponsored attacks compared to other countries in the region. Russia-linked cybercrime and hacktivist groups such as KillNet and LockBit 3.0 have increased their focus on Japan since the country declared its support of Ukraine after Russia's invasion. Meanwhile, China-linked actors such as APT10-linked Bronze Riverside and Bronze Starlight have targeted China-based subsidiaries of Japanese manufacturers to gain access to intellectual property (see: Cybercriminals Zero In on Japan's Manufacturing Sector).

Japanese organizations also faced disproportionately higher losses to cyberattacks in 2023, according to an IBM study. Domestic organizations lost $4.52 million on average to every breach incident, compared to an average loss of $3.05 million reported by organizations based in ASEAN countries, from the Philippines and Indonesia to Australia.

Japan responded to these indicators by raising cybersecurity investments both in the military and civil domains. The Ministry of Foreign Affairs announced in December a $48 million corpus to help overseas diplomatic missions enhance their resilience to cyberattacks. The ministry also announced a $176 million fund for building "an information security infrastructure and centralizing management and utilization of information assets."

"As rivalries between states intensify, their competition is expanding beyond the scope of traditional military capabilities to information warfare in the cognitive domain, including the spread of disinformation and the like," said Foreign Minister Yōko Kamikawa. "In order to address this situation, we need to strengthen our information gathering, analysis and dissemination capabilities in an integrated manner."

Kamikawa warned in February that the country's lax cybersecurity defenses could affect long-term strategic partnerships with the United States and other countries. U.S. government agencies in 2020 warned Japan that Chinese actors had gained access to sensitive diplomatic communications from government systems, forcing the government to act quickly to restore the security of diplomatic exchanges.

Since 2022, the government has allocated $217 million to the Defense Ministry to bolster capabilities in the cyber domain, including expanding cyber-related units, establishing a common cyber skill evaluation methodology for the workforce, recruiting chief cybersecurity advisers, and using "external resources for tasks requiring a high level of expertise in dealing with cyberattacks."

The government has also allocated funds for research on the cybersecurity of the military's operational technology systems and the development of a System Network Management System to protect, monitor and control all military systems, but its capability could be compromised by the severe workforce shortage.

ISC2's 2022 Cybersecurity Workforce Study reveals that Japan accounted for the largest deficit of cybersecurity professionals in the Asia-Pacific region and faces a shortfall of 55,800 security personnel - approximately one-quarter of the overall shortage of 2.16 million professionals in APAC. As a result, about 70% of Japanese organizations face skill shortages within security teams.

Japan plans to form deeper cybersecurity partnerships with the West and neighboring countries to help cover that shortfall. The country's trilateral cybersecurity partnerships featuring the U.S., South Korea and the Philippines over the past few months coincided with Google establishing a Cybersecurity Center of Excellence in Japan to train cybersecurity professionals, facilitate policy dialogues and support research by universities and research institutions.

Microsoft announced in April that it will establish its first Microsoft Research Asia lab in Japan and deepen its cybersecurity collaboration with the Government of Japan, in addition to investing $2.9 billion to boost its hyperscale cloud computing and AI infrastructure in the country.

Japan to Lead Pan-Asia Cybersecurity Grid

According to Nikkei, Kamikawa will present an ambitious cybersecurity budget this summer to make Japan the nucleus of a pan-Asian information network to protect regional information systems from cyberattacks.

The government's new plans may involve funding Southeast Asian and Pacific island nations to bolster their cybersecurity and partnering with the U.S. and Asia-Pacific countries to train workers and share intelligence on cyberthreats.

Kishida announced a $75 billion fund at New Delhi in March and said that Japan will use the resources to enhance connectivity in the Indo-Pacific region and ensure open seas and skies. These announcements and partnerships point toward the country's increasingly assertive stance in the face of threats from cybercriminals and nation-state actors.

About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.