Tokyo to lay out cyberattack countermeasures
Options include digital retaliation when critical infrastructure is damaged
TOKYO -- Japan will plan responses, including digital countermeasures, against hacking attacks that damage critical infrastructure, seeking to clear a legal path to do so in time for the 2020 Olympics.
The government aims to designate 13 fields of critical infrastructure, including electrical power, rail transport, medical facilities and financial institutions. Attacks on such infrastructure would be ranked at one of five levels of increasing seriousness depending on the extent of the damage. At levels three and above, Tokyo would intervene to stem disorder, and at level five it would respond via cyber means. The plan also will establish a hacking team within the government to carry out the response.
The plan is modeled after similar response frameworks in the U.S. and Britain. America classifies malware attacks that cause some electrical power or public transport systems to malfunction, or disrupt people's lives, as level three and above. It allows for the government to respond through such means as cyber retaliation.
Japan is expected to classify emergency situations -- such as damage to or disruption of nuclear power plant systems -- as level five. Bodies including the cabinet secretariat, Ministry of Defense and National Police Agency will work out how to define the levels, as well as what concrete steps to take at each one.
The cabinet's National Center of Incident Readiness and Strategy for Cybersecurity will lead efforts to quickly deliberate countermeasures, in light of the widespread damage from the current global ransomware attack. It intends to include the measures in a new cybersecurity strategy to be presented in June. Tokyo also aims to ward off future cyberattacks by showing it will prepare responses.
Japanese law prohibits any person from accessing others' computer systems without authorization. As such, Tokyo would need a legal exception for response options such as accessing an attacker's server or infecting them with a virus. It may justify itself on the basis of legitimate self-defense or necessity, and may revise relevant laws as well.
Some within the government believe Japan should respond to cyberattacks by exercising its right of self-defense, but that approach raises questions, including whether all such digital strikes meet the conditions to trigger that right.
The core means of digital response would be knocking out attackers' servers with a distributed denial-of-service attack, which overwhelms the target with huge volumes of data. Pinpointing the source of the attack would require sophisticated technology, and Japan may need overseas partnerships such as with the U.S.
Cyber assailants often redirect their attacks through third-party countries or pose as others to escape detection. The government may not be able to check rampant cyberattacks if it cannot locate attackers, and some worry that in its efforts to do so, it could impinge on people's rights by monitoring communications.