Major defence contractors in Japan report hacking as country kicks off cyber-security month

Japan has devoted 25.6 billion yen (S$323 million) in its defence budget for this fiscal year to improving cyber security. PHOTO: REUTERS

TOKYO - Japan kicked off its second annual cyber-security month this week under a cloud, as four major companies with contracts with the Defence Ministry reported having information stolen by hackers.

While the government was quick to stress that no sensitive highly-classified information was leaked, the spate of cases has raised questions over Japan's readiness to combat cyber attacks.

Kobe University security expert Tosh Minohara told The Straits Times that the hackings signalled espionage activity, and he, along with other experts cited in Japanese media, pointed to Chinese hackers as the likely culprits. .

He added: "This is just the tip of the iceberg. There are many other companies that have not reported being hacked out of fear of negative publicity, or worse, because they don't even know they have been hacked."

Mr Max Heinemeyer, who is director of threat hunting at cyber-security start-up Darktrace, agreed. The firm taps artificial intelligence to detect unusual or atypical activity and then works to block these unauthorised attempts from gaining a foothold in networks.

He said: "The risk of being hacked might be higher for espionage or political motivations - like the theft of defence data - but it is important to understand that everyone can be a target today."

Mitsubishi Electric, which is a major player in Japan's defence and infrastructure industries, reported on Jan 20 that it has been a victim of a major cyber attack.

It said that data about government agencies and other business dealings may have been compromised. These include e-mail exchanges with the Defence Ministry and the Nuclear Regulation Authority, as well as documents related to projects with utilities firms, railway operators, telecommunications companies and carmakers.

NEC then said on Jan 31 that cyber attacks over a period of several years had led to the unauthorised access of 27,445 files.

These include a technical proposal that was made to the Self-Defence Force (SDF) about submarine sonar technology.

On Thursday (Feb 6), manufacturer Kobe Steel and satellite-based geospatial information provider Pasco also announced that they had come under attack via computer malware.

Kobe Steel, which supplies submarine parts to the SDF, said some 250 files including information on the Defence Ministry and personal data might have been leaked.

In launching the cyber-security month on on Monday (Feb 3), Chief Cabinet Secretary Yoshihide Suga said that the government would make every possible effort to enhance cyber security and called for greater awareness.

Dr Minohara, who also chairs the Research Institute for Indo-Pacific Affairs think-tank, called for more commitment in both the public and private sectors to address what is a growing threat.

Japan has devoted 25.6 billion yen (S$323 million) in its defence budget for this fiscal year to improving cyber security, through such means as expanding the headcount of a cyber defence unit established in 2014 from 220 to 290 people.

It also has a National Centre of Incident Readiness and Strategy for Cybersecurity, which is under the Cabinet Office.

But Dr Minohara said this was not enough. "Japan acknowledges the cybersecurity threat and has been trying to deal with it, but this is nothing near the scale of countries like the United States or Britain."

He added: "The safety of Japanese society seems to have translated into a false sense of security online, where there is a lot of sloppiness."

What is at stake, he stressed, is Japan's security partnerships, no least its alliance with the US, given that online systems where sensitive information is shared are "only as strong as the weakest link".

Mr Heinemeyer was surprised that hackers could succeed in gaining backdoor access into major defence contractors that do business with the Defence Ministry.

"Cyber security in the private sector is not standardised, and it is sometimes even shocking to see the state of immaturity in some major companies," he said, though stressing that it was mostly not out of malice or neglect, but a lack of awareness of the need to invest and bolster their online infrastructure.

Join ST's Telegram channel and get the latest breaking news delivered to you.