Table Speech

The Current State of Cyber Attacks in Japan

December 11, 2013

Dr. Hiroshi Itoh
Managing Director, LAC Co., Ltd.
Director of Cyber Security Laboratory

 I have served in the Japan Ground Self-Defense Force (JGSDF) for 27 years. As my final assignment, I became the first commander of the System Protection Unit of the Cyber Warfare Corps launched by JGSDF. Since I left JGSDF, I have been working for a private security company. I hope my speech today will be informative, yet I must admit the topics will remain rather general as I have to abide by the rules of confidentiality.

 We keep hearing about cyber technology lately, of which the Internet is widely known. Some movies have given us a wrong image of the Internet, where the figures of 0 and 1 fly around in an infinite cyberspace. The true nature of the Internet is a commonly-used mechanical networking device of submarine cables or satellite circuits, through which the data circulates. You might be surprised to know that the bucket-brigade model best explains the mechanism of the Internet, as the information is passed from one entity to the next till it reaches its destination. The Internet was created by well-meaning engineers for a good purpose, and thus it was beyond the scope of assumption that some malicious people could join in the bucket-brigade to get access to the information, rewrite it or even redirect the Internet traffic. We should take into account our access to the Internet lacks an effective system that can crack down on abuse by cyber villains. In my opinion, the present situation surrounding the Internet is quite similar to the time when automobiles were just invented. Back then, there was no institutionalized mechanism for drivers’ licenses, safety inspection, and not to mention the traffic laws. The same applies to the Internet today as there exists practically no related law that constitutes checks against tremendous dangers. It seems not many of us are aware of such dangers.

 Let me talk about some cyber attack incidents that have made national headlines in Japan. It was widely reported about two years ago that major defense-related corporations in Japan, including Mitsubishi Heavy Industries, Ltd., had suffered a series of information leakages in cyber attacks on their computer networks. I must point out that cyber attacks targeting Japan has actually begun ages ago and there are numerous other cases that have been left unreported, making the case of Mitsubishi just the tip of the iceberg.

 Another incident of last year made us realize how easily a cyber villain can manipulate a malware in today’s society. The police arrested four innocent Japanese citizens for making ‘false’ threat emails that were actually instigated by a remotely-controlled computer virus. Our institute analyzed the virus and found out it was technically quite sloppy. The purpose of the criminal was to humiliate the police authority rather than to show off his technical skills. Cyber attacks in South Korea this year paralyzed the computers and servers at major banks and broadcasting companies and caused much turmoil. Cyber attacks have come to inflict enormous damages to companies and society as a whole.

 Before closing, let me talk about the possible countermeasures each one of us can take against cyber attacks. I regret to say there is no silver bullet that prevents cyber attacks, just like there is no miracle drug to prevent colds. All I can say is to make sure you follow the basic common-sense rules. For example, keep away from suspicious internet websites and if you detect there is something wrong with your computer, bring it to PC-specialists, just as you ask for medical advice when you have some health problems.

 Our company protects networks of our contracted corporations from outside hackers, just like security guards at a jewelry store work to ensure safety. We monitor the Internet of our clients and issue a warning should we detect any danger. We also go out to companies and fix problems with their Internet. Our technicians often detect serious problems that had begun years before companies came to notice their suspicious intruders. For example, two thirds of the cases detected last year showed that the networks had been attacked for more than one year. I have to emphasize the importance of consulting the specialists at an earlier stage.

 I must also ask you to share a sense of crisis against cyber attacks. I regret to say our country has closed its eyes to the crisis. Now, we, each one of us, should enhance crisis awareness and further raise problem consciousness to take concrete countermeasures. I encourage you to talk to your junior staff members in charge of security and ask them about some specific measures taken in your company. I am sure they will feel motivated and appreciated. I believe security of the whole society will be enhanced by such concrete actions taken by each individual in his/her own position.