22 July 2017

Japan’s Defense Ministry Plans to Boost Number of Cyber Warriors

By Franz-Stefan Gady

The defense ministry is mulling a plan to significantly increase the size of its cyber warfare force. 

The Japanese Ministry of Defense (MoD) is considering increasing the number of soldiers in its Cyber Defense Unit (CDU) from around 110 to 1,000 and establishing a new working group to study cyberwarfare techniques, according to unnamed government sources. The initiative is part of the Japanese government’s plan to boost its cyber defense capabilities ahead of the 2020 Tokyo Olympic and Paralympic Games, a source told Kyodo News, Japan’s leading news agency.

Japan’s cyber defenses remain underdeveloped, especially in the military realm.

The Japanese MoD only stood up its first Cyber Defense Unit (CDU), initially composed of 90 soldiers and tasked with defending military networks, in 2014. Overall, the Japan Self-Defense Force (JSDF) has a few hundred soldiers deployed to protect the military’s critical information infrastructure, which increasingly has come under attack from Chinese, Russian, and North Korean state-sponsored and non-state actors.

Japan continues to be adamant about that it will not acquire offensive cyberwar capabilities as they would violate Japan’s constitution, which outlaws the use of force beyond self-defense. Japanese Prime Minister Shinzo Abe repeatedly stated that the the reinterpretation of Article 9 of Japan’s pacifist constitution (the 2015 “Legislation for Peace and Security” does not apply to JSDF activities in cyberspace.

“It is indispensable to study methods of attacks to build an appropriate defense posture. It is not for the Self-Defense Forces themselves to conduct a cyberattack,” the government source told Kyodo News on July 16. As a result, the CDU will be confined to studying offensive cyberwar techniques as the Japanese government continues to debate whether the JSDF are allowed to conduct cyberattacks in defense of military networks.

Under Japanese law, cyberattacks remain classified as “crimes” and not as “armed attacks,” even when military forces of another state are involved. A legal reclassification of cyberattacks as “armed attacks” would be one of the prerequisites for the deployment of JSDF offensive cyberwarfare units in defense of government networks. However, even with the legal reclassification, it is unclear in what capacity the JSDF would cooperate with Japan’s private sector when it comes to cyber intelligence-gathering — a key component to developing sophisticated offensive capabilities in cyberspace.

Japan relies on the U.S.-Japan alliance to increase its cyberwarfare capabilities, however, cooperation between the two countries remains underdeveloped. The U.S.-Japan Treaty of Mutual Cooperation and Security also does not offer concrete guidelines whether a cyberattack on Japanese critical information infrastructure mandates U.S. military intervention in cyberspace.

The Japanese government purportedly plans to increase the manpower of the JSDF’s CDU to 1,000 by the end of fiscal year 2023.

No comments: