TOKYO -- Japan, the U.S., European countries and the Association of Southeast Asian Nations will join forces for a digital defense exercise, set to take place as early as this autumn, to prepare for possible cyberattacks on critical infrastructure, Nikkei has learned.
The joint international exercise would involve over 20 countries, including the U.S., UK, France, and the 10 ASEAN members. It will mark the first cyber defense drills of this scale organized by the Japanese government.
The coordinated effort comes as the coronavirus pandemic and upcoming elections create opportunities for hacking and disinformation campaigns, with the U.S. and other countries accusing Chinese and Russian groups of supporting these activities.
The exercise will be held online because of coronavirus-related travel restrictions. Participants will follow a scenario that assumes a cyberattack on such systems as power grids or waterworks that requires sharing information both within the Japanese government and with international partners.
Japan has already cooperated on digital security with many of the participants. Tokyo has taken part in the U.S.-led international exercise Cyber Storm and has held drills with ASEAN. In December, Japan's Ministry of Defense and Self-Defense Forces for the first time became a full-fledged player in the large-scale exercises hosted by NATO, participating in decision-making and information sharing.
The Takahama nuclear power plant in Japan. The government aims to protect such infrastructure from cyberattacks. (Photo by Tomoki Mera)
"It is very important that malicious cyberattacks are promptly detected and acted upon, minimizing spread of the damage," Chief Cabinet Secretary Yoshihide Suga has said. "We cannot act fast and appropriately without close cooperation with other countries."
The focus on international cooperation comes as the scale of damage from multination cyberattacks grows. Last autumn, the malware Emotet arrived in Japan, infecting computers and stealing personal information that enabled criminals to send spoofed emails. Hospitals and universities were victims.
"There is lingering damage from Emotet," according to an official at Japan's National Center of Incident readiness and Strategy for Cybersecurity, or NISC.
Among the cybersecurity threats in Asia are North Korean hackers, which authorities say target financial institutions for cash. An expert panel of the United Nations Security Council Sanctions Committee on North Korea reported in September 2019 that 17 countries including South Korea were victims of such attacks, and the damage was up to $2 billion.
To improve Japan's internal readiness, the NISC has held periodic cybersecurity drills with major infrastructure operators and the government agencies that oversee them since 2006.
Japan has designated 14 areas as critical infrastructure, including information and communications, aviation, ports, railroads, electric power and finance.
