EXECUTIVE SUMMARY:

Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has experienced a breach. Sensitive network data may have been compromised. The data was likely accessible to hackers for nearly three-quarters of a year, and is believed to have included email exchanges.

How it happened

The breach appears to have occurred via a compromised email account belonging to an individual government staff member, said NISC. Affected officials and individuals both within Japan and overseas subsequently received warnings explaining that certain data may have been viewed by cyber adversaries.

Breach impact

The NISC says that the incident’s impact was highly limited. However, the duration of the breach, which began in October of 2022 and remained undiscovered until June of 2023, has raised concerns. For instance, some worry that if visibility into threats was limited then, it may remain limited now.

Those familiar with the attack noted that it triggered an investigation into whether the adversaries’ network access also made it possible for them to access servers.

International entities perceived the attack as not only a danger to Japanese security, but also as a threat to effective information sharing among geopolitical allies.

“Japan’s cybersecurity nightmare is everyone else’s problem too,” warned Takahiko Hyuga, of the Japan Times, in April.

2020 cyber attack

In 2020, an extensive cyber attack affected Japan’s defense networks. The incident allowed cyber adversaries to gain deep, persistent access. They “appeared to be after anything they could get their hands on – plans, capabilities, assessments of military shortcomings,” according to three former senior U.S. officials.

In reference to the Port of Nagoya attack in July of this year, Paul S. Ziegler, CEO of the cyber security consulting firm Redflare, stated, “The old economy needs to figure out ways to make the IT team more powerful than senior management,” indicating that cultural norms around age and lack of interest in retraining workforces may have played a role in systems’ lack of security.

Tightening security

Cyber security experts in both the U.S. and the U.K. have expressed concern regarding Japan’s cyber defense capabilities.

A lack of personnel and digital expertise has hampered Japanese efforts to defend against cyber attacks. The Japanese government’s current plans focus on expanding facilities for the cyber unit within Japan’s Self-Defense Forces.

As of March, the unit maintained just under 900 members. In contrast, the U.S. counterpart unit maintained 6,200 employees, while China’s counterpart agency retained at least 30,000 cyber security professionals.

Japan’s revised National Security Strategy stipulates that the country’s cyber security capabilities should be on par with, or should surpass, those of leading Western nations, so as to most effectively protect the country.

Beyond Japan

Emerging media reports indicate that the Japanese government intends to develop an information network for the entire Indo-Pacific region. This will ostensibly assist with countering cyber threats stemming from Russia, China and North Korea.

Within the network, participants will share indicators of compromise and evolving attack methodologies, so as to enable swift deployment of appropriate countermeasures.
