Research Institute of Science and Technology for Society (RISTEX),
Japan Science and Technology Agency
Francis Bacon said «scientia potestas est» (Knowledge is power) in 15th century. Alvin Toffler indicates violence was the basic power of the nobility in ancient times, where a powerful elite worked largely through domination that threatened violence to those who did not comply. In the industrial revolution, as the merchant classes became more powerful and gained control of critical resources and channels, violence gave way to wealth.
Today, in the Third Wave, the power of knowledge is replacing commercial wealth as the primary source of power. If you have the right knowledge, you can get a lot done without recourse to money. Power is thus moving to the educated elite (and masses). We are now moving ahead to hard technology-oriented. Evolution of power has transformed and the internet is a great leverage of power in this regard. ICT is a driving force for economy growth. Now we should realize that we are in the middle of paradigm shift of fundamental structural change. Big data is almost here and the era called ‘Internet of Things’ has come. Cyber attacks is a new threat to our daily lives. Energy and utility companies saw a 60% increase in advanced malware incidents in first half of 2012 according to Fire Eye report.
The world went from connected to hyper-connected, providing a certain impact on jobs, industries and schools. Herman Van Rompuy, President of the European Council, made a speech this spring regarding perspectives of cyber terrorism, saying that it is a potential threat to the arteries of globalized modern life: telecommunications, banking systems and airports or energy grids. The U.S. President called for a comprehensive review of the security and resiliency of the global digital infrastructure, a top priority in his administration soon after taking office. The United Nations has discussed to find and establish trust among alliances.
According to the US Federal Emergency Management Agency, cybersecurity is “the protection of information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.” This definition alone demonstrates the value of the involved systems and the data they transfer and store. Because of this value, communications and information infrastructures are subject to the same man-made and natural threats, risks, and vulnerabilities as are physical infrastructure such as buildings, dams or power lines. Man-made events are generated by human actions or omissions stemming from human error, negligence, criminal behavior, or other motives. While natural disasters lack the intent or capability for operational error, they can have the same (or worse) results on cyber infrastructure, including damage ranging from inconvenience or degradation to outright destruction.
Lately, it is pointed out that national institutes, defense industries and infrastructure business and institute of research and development advanced persistent attack has threatened to exploit classified realm and technology information.
The Tallinn Manual’s primary focus is the jus ad bellum (the law governing the use of force) and jus in bello bello (international humanitarian law). According to Atlantic Council, ‘The Tallinn Manual is only an assessment of “black-letter law,” which means it only tries to apply the law as it exists today; the book is silent on what the law should say on a topic. Only policymakers (and future treaties or court cases) can take that next step.’ Overseas countries develop cooperative strategies and policies to tackle cyber security form the point of view of national security and economic growth. Cyber space is already a world- wide common challenge and with global view points. There is no common understanding towards cyber security. The European Network and Information Security Agency (ENISA) points out that there is no comprehensive definition at EU level and at international level.
Japan is also under national security threats. Security is at a transitional moment and is uncertain and exploitative. Is it growing ominous under information unbound? The context of this issue is not just a national nuisance but it is also so diverse, it is political, economic and social.
The players are individual, groups and state and it is entangled and intertwined. Nowadays lucky charms for ‘IT protection’ has been popular to carry with.
Here are the current challenge cases in Japan:
- Targeted cyber attacks (mainly on certain organization including SME, government and blue chip companies)
- How to define to invoke the right of (collective) defense or implement their right of Self Defense Force against cyber attacks from overseas. Since Japan put into effect emergency legislation on national security, cyber attacks is not incorporated into this law.
- In Japan, SDF is not allowed to invoke their right — only at occurrence of an armed attack. The problem is, Japan has not defined what situation should be regarded as armed attack in terms of cyber attack.
- Japan cannot block communication even if there is dubious viruses, since it infringes on the constitutionally guaranteed secrecy of communication
- Lack of resources (human/ technology ) to deal with a cyber attack
- The current situation in Japan totally depends on overseas industry to cryptanalyze (analyze) the virus
- At the contingency, there is a big challenge in the chain of command. In Japan, there is the NISC (National Information Security Center) which is a playmaker of security in Japan.
However, the ‘lineup’ is poor.
- Japanese people themselves need to get well-prepared. Most of the people do not pay attention on a daily basis.
- There is a sectionalism among ministries and they are reluctant to co-operate with each other, not sharing information enough
In Japan National Information Security Center (NISC) was established within Chief Cabinet Office as a control tower on information security in April 2005 to coordinate horizontal and cross cutting enhancement. Also, an advanced information telecommunication network conference is located to advance the standard of information security of government and crucial infrastructure business operators to enhance capacities to deal with cyber attacks. NISC was set up to reflect the ministry targeted attack by anonymous in 2005.
Prime Minister Mr. Abe made a policy speech to the 183rd session of the Diet this February referring to reinforcing countermeasures and enforcing targeting cybercrimes and cyberattacks, which are menace to the Internet society.
This has led to the new efforts of The National Police Agency (NPA), which announced on March 2013 that Japan is set to launch a 140-strong nationwide police task force that would focus on fighting cyber crime, including attacks that come from overseas. The so-called cyber police are to be deployed in Osaka, Tokyo, as well as other strategic areas. The members are composed of specialists that have been recruited from private firms and are fluent in the English, Chinese, Korean and Russian languages. Its primary goal is to go a level higher in protecting government organizations, defense contractors and private organizations that operate infrastructure in the country.
Also, The Ministry of Internal Affairs and Communications (MIC) launched a Cyber Security Research Center (CYREC) in April 2013 aiming at developing defense technologiess utilizing practical detection to deal with cyber attackss. The targets are to establish the hubs for cyber security R&D institutes crystallizing of the wisdom of All Japan, to build practical as well as fundamental technology against new cyber attacks, implement social experiment in terms of R&D, and enhance international collaboration with Europe, the United States and with Asian regions for cyber security. This approach is fine and good to widen network observing, strengthen information analysis and capacity for judgment, however, it does not make sense unless they are shared to make it to stronger measures.
In response to this, the draft of The Cyber Security Strategy was released May 2013 and is now open for public comment. Here is the gist of it: Information security environment change is dramatically rapid. This should be a Japanese grand design to achieve mutual coordination among ministries. In the past three years, risk for this hyper-connected situation has been enormous, spreading and reached at a global level. The scale and scope has been expanding.
Cyber space has become crucial brain and synopsis for the activities of daily basis, social and economic, and administrative ones. Fusion and integration has accelerated.
Cyber space is imperative for Japan and it will be more expanded and penetrated further, seeking for addressing social challenges and for higher potential for economic growth and innovation. It has been paid attention to by world as driving force now that cyber attacks against infrastructure turns into a reality and is a serious matter of national security and risk management. Japan is aiming at the most advanced IT state in the world and needs to achieve safe cyber space to be suitable. The scope of the target of cyber attacks is a growing phenomenon from private (individual and family) to public (social infrastructure). The risk of cyber attacks has been growing, although Japan has made efforts to deal with it. The risk is getting worse and it has effected our national security and risk management capacities, as well as international competition. It brings enormous constant anxiety to Japanese people.
The basic aim of the Cyber Security Strategy forging Cyber Security Nation is the following: The Fundamental idea consists of four agendas; securing free information distribution, new efforts towards escalating risk, strengthening risk-based response, action and mutual assistance based on societal responsibility. Role of each player is clarified; nation, infrastructural enterprise, business industries (R&D institutes), users and cyber space involved operators.
Targeted focused areas until 2015 contain three bullet points ; government establishes a resilient cyber space improving the expansion of information security, strengthening against cyber attack, builds a vibrant cyber space activating industries, accelerating R&D development further, fostering of human resources for information security utilizing competition, improve the information literacy of all the public, takes the lead in formulating cyberspace focusing on diplomacy, internationally expanding, international collaboration.
With regard to the driving force for cyber security in Japan, The National Information Security Center (NISC) will strengthen the operation of cyber space. It will prepare a system for securing experts and authorities reorganizing as ‘Cyber Security Center’ with an opening date 2015.
Here are some functional norms to deal with the Japan case.
- Fundamental Reforms for security architecture
- Citizen awareness
- Integrated strategy
- Global commons (Recognition for the oneness of humanity
- Maintain consistency with existing international laws (regime for governance)
- Avoiding loss of strategic trust
- No scramble but peaceful use
- Launch international platform
- Peaceful and stable international order
- Global responsibility (as a global citizen)
- Critical Thinking
- Ethical Discussions
- Accountability endorses the duty to transform information and knowledge for people another thought for functional norms.
- Hedging strategy beyond engagement
- Indirect hedging : dispersion of risk
- Soft hedging: include unspoken country and launch consortium and build
- Multi-layered cooperation
- Hard hedging: strengthening military capacity and build robust relationship with overseas (this is more traditional approach)
• Global minded education (awareness for citizen)
• Global user: this hyper-connected world will lead to more fragmented/ fragile society
• Facing black swan events (seeking for solution)
Here I believe that the definition of the global is necessary.
For further implication:
We have to be careful about the term of ‘global’. What is the international standard? Look at the map what you have. You would be surprised at what other countries have used and how different it is. The looks are not the same if you take a look at your country by globes. We should see where we are in a different perspective, well-poised to deal with a cyber attack. Also, the viewpoint of citizens is brought into eyeing developing policies from such as public comment. Southeastern shift: The new leaders of global economic growth. To address cyber attacks, do we need to fine tune to have a global white paper for cyber security?
Although people realize that defense might become a magnet for attack and mistrust makes itself more vulnerable to attack, they cannot help it since they also believe that a pragmatic attitude is crucial for cyber issues as well.
The ethics and philosophy element should be revisited to address the security and to analyze the new phase. These elements will lead to personality. The element of convergence is imperative to discuss as a new phase as well.
As Gorguin says, where do we come from, what are we?, where are we going? Thomas Jefferson says that those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.
For Japan, cyber issues is a theme associated with the role as a sovereign nation, as a ‘self-help’ nation. How has Japan defined her responsibility in terms of US-Japan alliance, which is a basic guideline of national security of Japan? Should Japan redefine it? If so, how? How should Japan deal with new challenges caused by information evolution?
• Francis Bacon
• Alvin Toffler
• Japan Cyber strategy report May 2013
• FireEye Advanced Threats Report 1H 2012
• National Cyber Security Strategies- Practical Guide on Development and Execution December 2012
This article is based on a presentation delivered at the 7th Scientific conference of the International Research Consortium on Information Security, as part of the International Forum on «Partnership of state authorities, civil society and business community in ensuring international information security», held on 22-25 April 2013 in Garmisch-Partenkirchen, Germany. It is published on Digital.Report with an explicit permission from the conference organizers.