Published on January 21, 2020.
Based on an editorial from the Sankei Shimbun, this article treats the large-scale cyberattack on Mitsubishi Electric as a grave national security threat. It discusses the possible involvement of a China-linked cyberattack group, concerns over the leakage of information related to government agencies and critical infrastructure companies, the limits of NISC, U.S. indictments of Chinese People’s Liberation Army officers, and the exclusion of Huawei, arguing that Japan must fundamentally review and strengthen its cyber defense system.

January 21, 2020
The reason the Chinese telecommunications equipment giant Huawei Technologies was shut out of the U.S. market was also the “national security risk” that it could be exploited for cyberattacks.
The following is from today’s editorial in the Sankei Shimbun.
Cyberattacks
A Grave Threat to National Security
This is a national security issue and a grave threat.
It should serve as an opportunity to fundamentally review Japan’s cyber defense system.
Mitsubishi Electric announced that, after suffering a large-scale cyberattack, information concerning its client government agencies and companies may have leaked externally.
It is believed that a Chinese cyberattack group may have been involved.
The company is a major player in the space and defense industries, and the leaked information included exchanges with the Ministry of Defense, the Nuclear Regulation Authority, the Cabinet Office, and others, as well as materials from joint meetings with private companies in sectors such as electric power, telecommunications, and railways.
It is said that highly confidential information was not included, but the possibility was certainly present.
Moreover, last June, the company discovered suspicious activity on domestic servers and other equipment, but did not disclose it while continuing its internal investigation.
The basis of virus countermeasures is preventing spread through the sharing of accurate information.
That does not change in cyberspace.
In response to the situation, Chief Cabinet Secretary Suga Yoshihide said, “The government would like to continue monitoring the situation, centered on the Ministry of Economy, Trade and Industry and NISC.”
NISC is the abbreviation for the National Center of Incident Readiness and Strategy for Cybersecurity, established by the government within the Cabinet Secretariat.
It handles overall coordination and advice for cyber countermeasures carried out by ministries and agencies, including the Self-Defense Forces and the police, as well as local governments and the private sector, but it has no command or ordering authority.
With this, it cannot fulfill the role of a command center, and it merely symbolizes the vulnerability of Japan’s cyber defense.
State involvement has been pointed out in cyberattacks by China, Russia, and North Korea.
In May 2014, the United States indicted five officers of a cyberattack unit of the Chinese People’s Liberation Army for conducting espionage against U.S. companies through cyberattacks.
The reason the Chinese telecommunications equipment giant Huawei Technologies was shut out of the U.S. market was also the “national security risk” that it could be exploited for cyberattacks.
The Japanese government cannot take such effective measures merely by “monitoring” the situation.
If there is doubt about information security, Japan will no longer be able to share information with the United States.
Under the current system, Japan will only be left behind in an international environment that is even called “cyberwarfare.”
At the ceremony marking the sixtieth anniversary of the U.S.-Japan Security Treaty, Prime Minister Abe Shinzo emphasized his intention to strengthen the U.S.-Japan alliance in new domains such as space and cyberspace.
To do that, Japan must first urgently strengthen its domestic system.