No Time for Caution: The Case for U.S.-Japan Cyber Partnership

No Time for Caution: Deepening the Cyber Partnership between the United States and Japan

Is the United States and more importantly its allies prepared for a cyber fight with China? There may not be a clear answer to the question of readiness, but China’s intent for large-scale cyber confrontation with America and its allies is undeniable. Federal Bureau of Investigation Director Christopher Wray described China’s aggressive efforts as “the defining threat of our generation” with hackers ready to “wreak havoc” to American interests. The soberness of these remarks have echoed throughout the past decade with multiple cyber-attacks affecting United States’ strategic commitments in the Asia-Pacific region.

Role of Japan in the Cyber Partnership

Japan; a key American ally in the Pacific, is expected to provide critical military infrastructure and services in the event of an escalated conflict between the world’s two superpowers, yet lags behind most developed nations in terms of cybersecurity measures. This glaring deficiency demands urgent attention, especially in light of a recent Department of Defense Cyber strategy memo which stated, “The People’s Republic of China’s theories of victory rest on the use of cyber means to degrade the combat capability of the Joint Force, as well as that of our Allies and partners.”

To confront the Chinese cyber threat to American and Japanese military infrastructure, the United States must deepen its cyber partnership with Japan, as this offers the best means to counteract malicious cyber-attacks and safeguard critical strategic nodes. Undoubtedly, this proposed solution will require significant implementation efforts, yet it remains evident that current United States initiatives to deter People’s Republic of China cyber-attacks are incomplete without the involvement of strong allies and partners. To this end, the United States should support enhanced recruitment of Japanese cyber professionals, the creation of a standardized and shared United States-Japan threat database, and performance of more cyber exercises and war-games.

State of Current Cyber Partnership

As it stands, the cyber partnership between the United States and Japan is in need of strong development. Challenges include hurdles with critical information sharing, bureaucratic limitations, and limited academic partnerships. In short, many of the current cyber related issues between the United States and Japan impede both nation’s ability to increase cyber readiness and enhance cyber resilience. Beyond the need for increased interoperability is the looming fact that Japan severely lags behind most developed nations in terms of cybersecurity practices. For instance, in 2020, Japan experienced one of its most damaging cyber security breaches in which China exposed classified defense network information for both Japan and the United States. Since then, cyberattacks have only risen in volume as China continues to conduct a record number of cybercrimes against an exposed Japan.

Recruit More Professionals

The first step to bolster Japan’s cybersecurity capabilities is by recruiting properly trained and well-equipped cyber professionals. Japan’s Ministry of Economy, Trade and Industry projects a shortage of 800,000 IT and cyber experts in Japanese industry and the military by 2030. The United States must incentivize industry, leverage government resources, and collaborate with academia to support this endeavor. The U.S. technology industry should incentivize and contribute a pool of cyber professionals who can help address the current shortage in Japanese industry and military defense. Industry leaders would not only help with national security efforts but also ensure a secure business environment for current and future endeavors.

The U.S. government can also help by allocating necessary funding and grants to strengthen Japanese cyber recruitment programs. Furthermore, the United States can facilitate training for current and future Japanese information technology recruiters to conduct recruitment drives and educational symposiums for the benefit of Japanese citizens and their military. American academic institutions can also play a pivotal role by nurturing the next generation of cyber professionals through bilateral university partnerships and curriculum sharing. American institutions holding the Cybersecurity certifications, awarded by the National Security Agency, should be the preferred choice for academic partnerships with Japan.

Joint Database

To protect the information that resides and passes over shared networks from People’s Republic of China influence, both America and Japan must have a unified understanding of cyberattacks and appropriate responses. Standardization is vital in an interconnected information technology landscape heavily dependent on collaborative networks and infrastructure, particularly within government and military systems. To bolster United States-Japan cyber defenses, a joint database is recommended that leverages industry best practices such as the Adversarial Tactics, Techniques, and Common Knowledge framework for intrusion analysis.

The Adversarial Tactics, Techniques, and Common Knowledge framework catalogs and categorizes cyber adversary behaviors, with a particular focus on the evolution of hostilities and potential targets—two critical factors in fortifying defense strategies and preparing responsive countermeasures. Emerging technologies such as artificial intelligence and machine learning hold immense promise in enhancing defensive and security measures in the cyber domain and should be leveraged. Artificial intelligence and machine learning practices can be leveraged to monitor United States and Japanese networks, automate the logging of intrusions and attacks, and provide real-time threat analysis. This would provide a common language for both nations to gain a robust understanding of People’s Republic of China threats and develop effective defensive strategies.

Exercises

While recruitment and more effective defensive posturing are important, the primary objective is to enhance the cyber resilience of both the United States and Japan. This involves conducting more robust war games and cyber exercises that include government agencies and military units, creating a safe-to-fail environment for refining operational procedures. Many of these war games require the expertise of a third party to construct real-world scenarios that test key objectives and reveal critical vulnerabilities of participants. For instance, Israel and the United Kingdom consistently engage in challenging cyber exercises, resulting in improved cybersecurity protocols and more assertive responses to successful cyberattacks.

For the United States and Japan, the goal of these war games would be to test interoperability in the cyber domain. Japan faces unique challenges, including constitutional limitations that prohibit offensive cyber operations, even in response to cyberattacks. Consequently, Japan must simulate how to effectively report incidents and coordinate with the United States to adequately respond to these challenges and cyberattacks. While the timing of cyberattacks may be dictated by the People’s Republic of China, the United States and Japan can thwart their success through pre-planned responses tested in wargames.

Conclusion

A comprehensive effort to bolster Japanese cyber defense may not guarantee victory in future conflict, but it will contribute to safeguarding a crucial partner’s most significant vulnerability. The time in which America can influence Japan’s cybersecurity efforts and thus protect its own interests is finite. Despite the collective efforts of both countries to maintain stability in the region, it is becoming increasingly clear that Japan’s lack of cyber protection is the Achilles’ heel that China may soon exploit. Through the proposed solutions and the development of similar initiatives, the United States and Japan can take significant strides toward deterring future People’s Republic of China cyber aggression and bolstering their collective cyber defenses.

Editor’s Note

The views and opinions expressed in this article are those of the author and do not represent those of the U.S. Navy, the Department of Defense, or any part of the U.S. government.

This article was originally published by RealClearDefense and made available via RealClearWire.