Editorial Notes

Measures needed to prevent leak of defence data through cyber-attacks: Yomiuri Shimbun

In the editorial, the paper says that defence-related companies should constantly check whether security measures are functioning properly.

A massive leak of information was revealed at Mitsubishi Electric Corp in January. It is suspected that classified information on defence equipment was compromised at the company. PHOTO: ST FILE

TOKYO (THE YOMIURI SHIMBUN/ASIA NEWS NETWORK) - Cyber-attacks on Japanese defence-related companies are an issue that threatens national security.

A massive leak of information was revealed at Mitsubishi Electric Corp in January. It is suspected that classified information on defence equipment was compromised at the company.

At first, the company said, "There were no information leaks about defence or critical infrastructure." But the leak was found in its investigation into the case after that.

It is said that Mitsubishi Electric converted documents provided by the Acquisition, Technology and Logistics Agency into electronic files without permission and stored them on a terminal that could be connected to the internet.

This is nothing but an inappropriate treatment of documents.

Mitsubishi Electric was the third-largest defence-related company in Japan in terms of contract value with the Defence Ministry in fiscal 2018. The company lacks awareness that it was involved with important national information.

According to Mitsubishi Electric, 132 units of personal computers and other devices in Japan and abroad were suspected of having been illegally accessed .

The infection spread from a Chinese base, and a group of hackers linked to China is suspected of being involved in the case.

Some computer terminals were manipulated so that there was no trace of cyber-attacks. This suggests that the scheme was extremely sophisticated.

NEC Corp and Kobe Steel Ltd, both of which trade with the Defence Ministry, and major aerial survey firm Pasco Corp were also attacked.

At present, no leaks of defence-related information have been confirmed at these companies. But it would be serious if such information was targeted.

In many cases, defence equipment, such as radars for naval vessels, are jointly developed with the United States or other countries.

If classified information is leaked from the domestic defence industry, Japan's credibility would deteriorate.

This could hamper Japan's defence cooperation with the United States and other parties.

It is necessary to intensify preparations for protecting defence information from cyber-attacks.

Defence-related companies should constantly check whether security measures are functioning properly. They must put systems in place to deal with the increasing sophistication of attacks.

The ministry's cyber defence units are responsible for defending the Self-Defence Forces' command system and unit operations. It is necessary for the ministry to cooperate with the private sector so that the private sector can utilise this knowledge.

It is also important for the public and private sectors to establish a system to share information.

In its guidelines, the United States asks companies in the defence industry and others in charge of key infrastructure projects to report damage caused by cyber-attacks.

The Defence Ministry is also considering legally requiring companies to report the damage in cases of information leaks.

If companies that have been hit by cyber-attacks report promptly to relevant authorities and other companies take countermeasures based on the information, it would be possible to prevent the damage from spreading.

The Yomiuri Shimbun is a member of The Straits Times media partner Asia News Network, an alliance of 24 news media organisations.

Join ST's Telegram channel and get the latest breaking news delivered to you.