TOKYO -- Japan's Ministry of Defense will expand its Cyber Defense Unit by 30% to nearly 300 people by next spring as increasing cyberattacks worldwide have spotlighted Japan's lack of readiness, especially in the military cybersecurity realm. The ministry will also step up recruitment of cybersecurity experts.
With the U.S. and China vying for supremacy in cybersecurity, Japan's lax defense posture could affect its alliance with Washington, analysts warn.
The CDU currently has 220 members from the Japanese Ground, Maritime and Air Self-Defense Forces. Even with the planned increase to 290 members by next spring, the unit will be much smaller than its American or Chinese counterparts.
The ministry plans to expand the CDU to around 500 members by the spring of 2024. But, said a senior ministry official, "We need to further strengthen our defense posture to counter new threats."
The U.S. government elevated its cyberwarfare unit the status of an independent "unified command" in 2018, putting it on the same level as others, such as the Indo-Pacific Command and the Space Command. The 6,000-strong Cyber Command is made up of more than 130 teams, including a cyberdefense unit tasked with protecting the Pentagon's computer systems, a national cybermission force to counter national-level threats, and a cybercombatant mission team to provide cybersupport for combat.
China has 100,000 cybersecurity soldiers who operate under the Strategic Support Force established in 2015. This unit of the People's Liberation Army, in collaboration with intelligence services and computer hackers, attempts to steal confidential information from other countries.
In 2018, China hacked a U.S. Navy contractor, stealing data on a supersonic anti-ship missile to be deployed on submarines.
The Russian military has around 1,000 members in its cyber task force, which is accused of meddling in the 2016 U.S. presidential election in an effort to manipulate public opinion in the country.
North Korea has a 6,800-strong team that carries out cyberattacks and attempts to steal funds and military secrets from other countries.
The U.S. has been urging its allies to reinforce their defense capabilities in cyberspace. Japan and the U.S. confirmed at a "two-plus-two" meeting of foreign and defense ministers in April last year that their bilateral security treaty covers cyberattacks.
At that meeting it was decided that cyberattack against Japan falls under Article 5 of the security treaty, which obliges the U.S. to defend Japan from attack. The two governments are likely to invoke the article in the event of large-scale cyberattacks on nuclear power plants or Self-Defense Force facilities in Japan.
"Cyberattacks against Japan meant to hinder its cooperation with the U.S. at a strategic level are conceivable," said Motohiro Tsuchiya, a professor at Keio University and an expert on cybersecurity.
The ministry will include measures to shore up Japan's cybersecurity in its budget request for fiscal 2021, envisaging the use of artificial intelligence to screen unknown computer viruses, for example. It is also considering joint drills with the U.S. and NATO to sharpen the skills of the Cyber Defense Unit.
"Earlier, the assumption was that there was little to do for Japan in the area of cyberdefense, as the SDF would not engage in offensive operations," Tsuchiya said. "It has also had difficulty transferring people into the cyber area from other jobs."
Japan has been slow to recruit and train cybersecurity personnel, so the ministry is considering bringing in outside experts for limited-term work, and offering salaries of more than 20 million yen ($187,900) to work with the administrative vice minister of defense. But the Defense Ministry has yet to determine how many such experts it will seek to hire.
The ministry will screen applicants so that only those with no possibility of leaking information are allowed access to classified material.
The Ground Self-Defense Force will create a course at its High Technical School in Yokosuka, Kanagawa Prefecture, in fiscal 2021 to train cybersecurity experts. The three-year program will train around 30 students in computer programming languages and other subjects.
The ministry envisions assigning graduates to the CDU and other units tasked with cybersecurity. "As cyber personnel show their talent when they are young, we should promote education for teenagers," said a ministry official in charge of communications.
"China has a system to transfer high school-age children with cyber abilities to the PLA," Tsuchiya said.
This year, it was discovered that contractors who work with the ministry, such as NEC and NTT Communications, had been repeatedly hit by cyberattacks. In an attack on Mitsubishi Electric, information on a high-speed gliding missile under development by the Defense Ministry may have been stolen.
Against such a backdrop, the ministry will set up a council with more than 10 big defense contractors to share information about cyberattacks and conduct joint drills.
But that may not be enough for Japan as SDF units are permitted to counterattack only when their systems are hit in cyberspace. The task of protecting the computer systems of other government bodies and the nation's key infrastructure from cyberattacks rests on another organization -- the National Center of Incident Readiness and Strategy for Cybersecurity. The center may need to think of ways to beef up its cyberdefense capabilities as well.