by John D’Amico:
The rise in the significance of cyberpower presents a new challenge for nations looking to maintain the security of critical military secrets. A recent spate of attacks on Japanese companies points to the insidious potential of this new, and as yet unregulated, sphere of espionage.
Last month, Mitsubishi Heavy Industries, the corporation that receives one-quarter of the Japanese government’s defense contracts, suffered cyber-attacks on its submarine, missile, and nuclear power plant component factories. These attacks came in the wake of intrusions earlier this year at Lockheed Martin, where encryption information obtained from a hack of RSA Security enabled infiltrators to access an unspecified amount of data. A close collaborator with American defense contractors such as Boeing, Mitsubishi Heavy Industries works on projects like the 787 Dreamliner jet, advanced submarines, and warplanes.
In spite of clear warning signs—an internal white paper released the month before the hack urged the institution of a more stringent cyber-defense—Mitsubishi Heavy fell prey to the first known cyber-attack on Japan’s defense industries. This intrusion is a testament to the difficulties involved in effective cyber security. The Japanese government, reacting with typical sluggishness, set forth a plan for an information-sharing agreement for cyber security between corporations and public bodies. Whether this measure will prove effective remains unclear, but it could help rally more institutional resources for protecting data critical for national security. On the international level, Tokyo may seek to ratify the Convention on Cybercrime, which sets forth a global structure for cooperation on issues of cyber defense. Both efforts build on a recently-passed bill in the Japanese House of Councilors that criminalizes the creation or distribution of a virus.
Controversy remains over the issue of attributing the attacks. Analysts agree that only other nations could harness the necessary resources to perpetrate the cyber-attacks on both Lockheed Martin and Mitsubishi Heavy Industries. With the vast amount of resources it pours into cyberwarfare units and into internal control of the Internet, China seems a likely candidate in terms of possessing the capacity to carry out attacks at this level. Given the United States’ natural reluctance to part with the military secrets it shares with its allies and China’s equally natural desire to expand and modernize its armed forces, China has a clear incentive to pursue such a hacking campaign. In fact, a hack into the Japanese Geospatial Information Authority this past Friday, the latest in the series that first struck Mitsubishi Heavy, was sourced to mainland China. However, China denied responsibility for the attacks (link).
With only circumstantial evidence left behind, cyber-attacks leave little room for establishing culpability. Only doubt and tension remain, sowing the seeds for battles outside of cyberspace.
John D’Amico ’15 is in Pierson College. He is a Globalist Notebook Beat Blogger on topics relating to East Asian politics and culture. Contact him at john.c.damico@yale.edu.