US-Japan cyber cooperation comes to life
When the U.S. and Japanese governments announced new bilateral defense guidelines in April, they brought the alliance firmly into the 21st century.
U.S. Secretary of Defense Ash Carter and Japanese Minister of Defense Gen Nakatani sealed their commitment to coordinate cybersecurity efforts in Singapore on May 30, with the U.S. pledging to come to Japan's aid in a cyber emergency. But the challenges facing cyberspace security and policy are only starting to be addressed by the alliance.
Japan and the U.S. have come a long way. It was only in 2013 that the two governments announced a working group to coordinate cyberdefense that ultimately led to some of this year's revisions to U.S.-Japan defense guidelines and to April's wide-ranging announcement on cybersecurity cooperation during Prime Minister Shinzo Abe's visit to Washington.
Power of two
With an eye on China and North Korea, the two governments committed to share information on threats and to cooperate to protect critical infrastructure and the defense services. The vision for cooperation extends beyond defense, with both governments pledging to "identify specific peacetime cyber norms" so that global norms, and eventually laws, might protect U.S. and Japanese interests.
The joint document issued following Abe's state visit specifically mentioned cooperating to influence global Internet governance, and it used the same phrasing as the new U.S. Department of Defense Cyber Strategy in committing to address "cyber-enabled theft of intellectual property."
Still, the alliance has a long way to go. New tools, new institutions, and new diplomatic initiatives will all be necessary to bring U.S.-Japan cooperation into the information age.
The term "cybersecurity" encompasses a wide variety of specific risks and responses. These range from the U.S. Department of Defense's goal of building international alliances to "deter shared threats" to an explicit joint emphasis on protecting intellectual property. This is not just to defend military technology but to stop commercial espionage.
Already the two national security establishments have made significant progress on security priorities online. The new bilateral defense guidelines, combined with Japan's passage of a controversial secrecy law that eases the sharing of classified information, and Japan's efforts to improve cybersecurity before the 2020 Tokyo Olympics, have set the U.S. Department of Defense and the Japanese Self-Defense Forces on a path toward coordinated cyberdefense in the military sphere. This effort should increase the reliability and resilience of military forces and decrease the risk that computer attacks could cripple the allied response in a contingency involving China or North Korea, countries known to invest heavily in network warfare.
Still, U.S. ambitions in cybersecurity defense are far broader than those expressed by Japan. The U.S. Cyber Strategy marks an increased emphasis on deterrence, as opposed to defense alone, but the documents from Abe's meeting with President Barack Obama leave the question of cyber offense unexplored.
As Japan debates the doctrine of collective self-defense within the alliance, these cybersecurity agreements add an additional potential trigger point for Japanese involvement in international conflict, raising questions about what constitutes a threat to Japan.
An entirely different set of questions arises with the goal of protecting intellectual property. Here, the computer security community has long emphasized that sharing information about attacks and vulnerabilities is crucial to defending against motivated hackers. Within the U.S. and elsewhere, however, companies have been reluctant to share information about security breaches, and government secrecy rules have made it difficult to inform companies if authorities discovered they were at risk.
These same difficulties apply in international cooperation, only more so. Each country's government and companies will need to balance their natural tendency toward secrecy with the mutual benefit of sharing data. Simply setting up offices to share information will not remove the challenge of inducing companies and government agencies to act on threat information. The U.S. and Japan have set out ambitious goals, but they still might not be enough to affect everyday security practices at companies.
A good fit
Despite these challenges, cybersecurity is a natural area for cooperation in the U.S.-Japan alliance. To the extent that the alliance is there to ensure Japan's security, it must adapt to cover new threats to that security, including those online. The alliance also plays a central role in the U.S. policy to rebalance toward Asia and in protecting U.S. military assets in based in Japan. Moreover, both countries have advanced economies built on highly computerized societies.
It is therefore unsurprising that U.S.-Japan cooperation in cyberspace has significant implications for both countries' relations with China. Indeed, internationalization of cybersecurity efforts is an underappreciated element in the increasingly apparent U.S. cybersecurity policy toward China.
Under pressure from U.S. businesses and the defense establishment, the Obama administration has indicted Chinese military service members for online theft of trade secrets; arrested a Chinese professor and charged several others with commercial espionage; issued an executive order that allows the imposition of sanctions for cyber theft; and named China as a key cyber threat in a document that emphasizes deterrence and even the possibility of pre-emptive cyberattacks.
Working with Japan and other allies can give the U.S. even greater leverage to deal with the Chinese government, which it sees as a repeat online offender.
Ultimately, however, the challenge facing the U.S.-Japan alliance is one of epochal change in East Asia and the global economy. The U.S. and Japanese governments should advocate strongly for their values and interests in an open and secure Internet. But if they and China cannot reach a broader strategic equilibrium, no amount of planning and cooperation can ensure peace and stability, online and offline, in the region.
Graham Webster is a senior fellow at the Yale Law School China Center specializing in U.S.-China relations and author of U.S.-China Week, an analytical newsletter.