February 24, 2016

Possible Japanese Cybersecurity - InfoSec Inadequacies

It appears Japan is still at an early stage of forming a cyber security organisation (probably mainly civilian staffed). 

There may also be resistance from Japan's three armed services (Army, Navy and Air Force) to form a joint signals intelligence (SigInt) and information security (InfoSec) organisation. Such an organisation would be typically staffed by uniformed and civilian personnel.

Submarine Matters suggests if Japan wants to successfully market large, highly sensitive weapon systems it needs to fix these problems.

BACKGROUND

On February 24, 2016 AAP via Australia’s NT News reported :

“Japan its own enemy in cybersecurity

Apart from rogue hackers, criminal organisations or even state-backed cyberwarfare units, Japan's businesses and government agencies are facing a unique cybersecurity foe: themselves.

Even with the frequency and severity of cyberattacks increasing rapidly worldwide, efforts by the world's third-largest economy to improve its data security are being hobbled by a widespread corporate culture that views security breaches as a loss of face. That leads to poor disclosure of incidents or information sharing at critical moments, Japanese experts and government officials say.

[bolded by Submarine Matters] Improving cybersecurity practices has emerged as a top national priority for Japan, stung in recent years by embarrassing leaks at Sony Pictures, the national pension fund and its biggest defence contractor, Mitsubishi Heavy Industries, which possibly suffered the theft of submarine and missile designs...[see whole article].

Earlier on May 30, 2015 Reuters reported:

The United States will extend its cyber defense umbrella over Japan, helping its Asian ally cope with the growing threat of online attacks against military bases and infrastructure…

The Japanese military's cyber defense unit has around 90 members, compared to more than 6,000 people at the Pentagon, a Japanese Defense Ministry official said at a briefing on Thursday.

FURTHER BACKGROUND

Miyuki Matsuzaki, "The Cybersecurity Challenges for the Ministry of Defense and the Self-Defense Forces" indicated February 3, 2016 inc  but the article appeared originally in Japanese in IIPS Quarterly, dated July 17, 2015.

In January of this year (2015), the government of Japan established the Cybersecurity Strategic Headquarters and released a new Cybersecurity Strategy in May [2015]. Through these and other developments, the government is promoting cybersecurity initiatives. At the same time, a plethora of cybersecurity issues have been accumulating,

...In the US, the DHS is in charge of cybersecurity for critical infrastructure. However, it is assumed that, when such infrastructure has been subject to a cyberattack that has resulted in significant damage, it will be a unit from USCYBERCOM that will respond.

…Similarly in Japan, the cabinet's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and the relevant ministries and agencies are in charge of the cybersecurity of critical infrastructure, while the Cyber Defense Unit --whose mission is to monitor the networks of the Ministry of Defense and the JSDF, and to respond to incidents occurring in them--does not defend the systems and networks used in critical infrastructure or in the defense industry.

AUSTRALIAN CYBERSECURITY, SIGINT-INFOSEC ENVIRONMENT

Cybersecurity Center Level

Cybersecurity centers have a broader mandate mainly at a civilian level. In Canberra, Australia the Australian Cyber Security Centre(ASSC) “is an important Australian Government initiative to ensure that Australian networks are amongst the hardest in the world to compromise."

"The centre brings together existing cyber security capabilities across Defence, theAttorney-General’s Department, Australian Security Intelligence Organisation, Australian Federal Police and Australian Crime Commission” at a single office. “Importantly, it is a hub for greater collaboration and information sharing with the private sector, state and territory governments, academia and international partners to combat the full range of cyber threats.”

"The ACSC is the joint responsibility of the Attorney-General and Minister for Defence. [In part avoid duplication of ASSC and Australian Signals Directorate (ASC) roles]... A Deputy Director of the Australian Signals Directorate, is the centre’s coordinator.

Australian Signals Directorate (ASD) SigInt/InfoSec Level

At a typically higher level of security, due to its part intelligence role, the Australian Signals Directorate has civilian and uniformed staff (drawn from all three armed services).

The Australian Signals Directorate (ASD, formerly DSD) is an intelligence agency in the Australian Government Department of Defence, with its headquarters in Canberra. ... ASD:

-  collects and analyses foreign signals intelligence, known as SigInt
-  provides advice and assistance on information and communications security, known as InfoSec.

SUBMARINE MATTER'S COMMENT

It appears that the Japanese Ministry of Defence has not yet persuaded Japan’s 3 armed services (Army, Navy, Air Force) to form a unified Japanese NSA staffed by civilians and uniformed military. Encouraging all three armed services to combine in such a structure (NSA in US, GCHQ in the UK) was a historical challenge. It may be a present challenge for Japan.

If Japan wins the future submarine competition it appears Australia’s Department of Defence-Australian Signals Directorate and Attorney General’s have much to do in encouraging Japan to fully develop institutions that protect technical-and-strategic secrets. 

Currently it is hoped Japan’s bid documents for the Competitive Evaluation Process (CEP) have been transmitted securely by Japan.

13 comments:

Anonymous said...

Hopefully, Japan has learned from the mistakes of the past:

"August 16, 2007: Last month, the United States, fearing Japan was unable to keep
American technology secrets, halted the shipment of parts needed to upgrade the Aegis
radar in the Japanese destroyer Kongo. The upgrade would make the Kongo capable of
firing U.S. anti-missile missiles. It all began last March, when it was discovered
that details of the U.S. Aegis naval air defense system have been copied and passed
around a Japanese Navy school (the First Service School in Etajima.) Japan has always
been strict about American military technology it has been entrusted with. But the
current scandal apparently goes back nearly ten years. In 1998, an instructor at the
First Service School prepared a CDROM disk of instructional material, and put a lot
of classified material on it."

Source:

http://www.strategypage.com/htmw/htintel/articles/20070816.aspx


========================================


Chinese spies have also been active in South Korea, as well as Japan:

"March 23, 2011: Several South Korean diplomats stationed in the Chinese city of
Shanghai are under investigation for their relationships (sexual and otherwise)
with a Chinese woman who acted as a fixer for diplomats seeking access to Chinese
officials. The woman, only identified as Deng, was most useful in helping obtain
visas for North Korean refugees seeking to get to South Korea. Such "fixers" are
common in China, and most foreigners are very dependent on them. The Chinese
government wants it that way.

That can be seen from the fact that Deng was caught, by the South Koreans, with
classified South Korean documents. She apparently got them from one of the South
Korean diplomats at the Shanghai consulate. Deng was also believed to have had
sexual affairs with several South Korean diplomats. At one point, she was
apparently screwing two of them, without either of the South Koreans knowing the
Deng was playing both of them.

China is widely known to use sex to obtain secrets from foreigners, inside and
outside of China. Four years ago, Japan uncovered a widespread Chinese effort to
use sex to steal military technology. Attractive Chinese female intelligence agents
in Japan were marrying members of the Japanese armed forces, and then using that
access to obtain military secrets. The situation was complicated by the military
attempts to keep these "embarrassing incidents" secret. The government was
particularly anxious to keep the Americans in the dark about all this, since the
Chinese apparently got their hands on Aegis anti-aircraft system technology via
their sexy spies."

Source:

https://www.strategypage.com/htmw/htintel/articles/20110323.aspx


========================================


Of course, the U.S. hasn't been immune from Chinese spying either:

"China obtained more than 50 terabytes of data from U.S. defense and government
networks, notably the Joint Strike Fighter’s stealth radar and engine secrets,
through cyber espionage, according to newly disclosed National Security Agency
documents."

Source:

http://freebeacon.com/national-security/nsa-details-chinese-cyber-theft-of-f-35-military-secrets/

Pete said...

Hi Anonymous

Thanks for those links. Australia may have been similarly touched - with the then ruling Labor Party trying to water it down by accusing DSD (now ASD) of being in the wrong:

Sydney Morning Herald, May 7 2009, http://www.smh.com.au/national/defence-rejected-minister-spy-link-concerns-20090506-avc4.html

Headline "Defence 'rejected' minister spy link concerns"

Defence officials responsible for a covert inquiry into Defence Minister Joel Fitzgibbon's relationship with businesswoman Helen Liu believe she has had links with China's military intelligence agency.

The officials, who are the subject of two high-powered inquiries, claim to have raised concerns within the Defence Department that Mr Fitzgibbon was receiving gifts from and living in a Canberra house owned by a woman they believed was connected to the Second Department of the People's Liberation Army general staff headquarters.

The Second Department is responsible for intelligence collection covering military, political and economic developments outside China.

The officials formed the view that Ms Liu was linked to Chinese military intelligence following inquiries that extended to her business activities, her contact with Chinese diplomatic and consular officials assessed to be intelligence officers, and her connections with senior Chinese Communist Party officials and PLA officers.

The officials said concerns about a potential security risk relating to Mr Fitzgibbon were dismissed.
"It didn't go anywhere," one senior Defence security intelligence official told The Age. "I don't think it went up the chain of command at all.

"We looked at Fitzgibbon and Liu, and the links between them raised real concerns that we thought were worthy of an official investigation, but it was clearly too much of a hot potato for the hierarchy.
"In a department in which arse-covering is an art form, no one would want to be the person who broke this news to the secretary and the CDF (chief of Defence Force), who had enough troubles with the minister."

MORE TO FOLLOW

Pete said...

FROM ABOVE

“The official claims to be one of several civilian and military officers who covertly investigated Ms Liu and Mr Fitzgibbon for several months.

Much of the alleged investigation was conducted outside work hours without using Defence IT systems. It is also alleged a Defence Signals Directorate officer gained access to Mr Fitzgibbon's personal information on his office's IT systems.

"Some of the information about the minister was circulating around the department, and I don't think we were the only people looking at it, but some things involved a bit of research," the official said. "There were limits to what we could do and we didn't get all of the story, but what has come out later about Fitzgibbon's failure to declare trips to China only strengthened the concerns.

"There are big questions about just why the minister has been so obligated to Helen Liu and what the full extent of their relationship has been.

"Imagine the stink if the US defence secretary was found to be hooked up with the Chinese businesswoman with close connections with the Chinese military."

The official said he and his associates were struck by apparent parallels between Ms Liu and Katrina Leung, a Chinese-American businesswoman who over almost 20 years operated as a double agent for the Chinese Ministry of State Security and the US Federal Bureau of Investigation.

In 2003, Ms Leung was acquitted of espionage in the US. She was later convicted of a tax-related offence.

The Defence Department has confirmed the inquiry by the Defence Security Authority into the covert probe into Mr Fitzgibbon was still under way and a report would be finalised soon for submission to Mr Fitzgibbon.

The department has declined to say whether any matters have been referred to the Australian Federal Police.

A month ago, Defence secretary Nick Warner confirmed more than 200 Defence officials had been interviewed and 850 had signed statutory declarations denying any involvement in investigations into Mr Fitzgibbon's personal affairs.

A separate inquiry is being conducted by the Inspector-General of Intelligence and Security into the allegations concerning unauthorised access to personal information on Mr Fitzgibbon's office IT systems.”

MORE TO FOLLOW

Pete said...

FROM ABOVE

“Ms Liu, who is believed to be living in China, has strongly denied any assertions she has been an intelligence operative of the Chinese Government, despite being praised by pro-Beijing groups for accurately transferring information about Australian politics and policies to Chinese ministries.

Mr Fitzgibbon has said no one has ever raised any security concerns about his relationship with Ms Liu, who he has described as a close personal friend.

The Australian Security Intelligence Organisation said in late March it had no information relating to Ms Liu that would give rise to any security concern regarding her activities or associations.

According to people involved in the pro-democracy groups in Sydney in the late 1980s and early 1990s, Ms Liu was active in anti-Beijing protests after the 1989 Tiananmen massacre.

She disappeared from Sydney's Chinese dissident scene a few months later. When she reappeared in Sydney in the early 1990s, she suddenly had access to large sums of money, began amassing a multimillion-dollar property portfolio and started courting Australian political figures.

In 1993, she paid for Mr Fitzgibbon and his father, federal Labor MP Eric Fitzgibbon, to travel first class to China to attend the opening of a hotel development. Joel Fitzgibbon was not an MP at the time but was expected to succeed his father as the federal member for Hunter in NSW.

Ms Liu has strong ties with senior Chinese Communist Party figures and has had considerable support from the Chinese Government-controlled Bank of China.

Between 1995 and 2007, her companies donated $40,000 to Mr Fitzgibbon's election campaign and another $50,000 to the NSW ALP.

When details of the covert probe into his relationship with Ms Liu broke in March, Mr Fitzgibbon came close to losing his job when he admitted he had failed to declare she had paid for trips to China in 2002 and 2005.

He had also misled the public when he denied receiving large gifts or travel from Ms Liu.”

ENDS

Kumar said...

Hi Pete
Interesting post and equally interesting comments from Anonymous and your own. Diplomats and military attaches in particular of many countries have been targetted by China through honey traps. The problem is individuals falling repeatedly to the most oft used modus operandi of the Chinese intelligence. Bit shocking!!!! Liaison with Chinese women should be a big NO for diplomats posted in China and Asia-Pacific countries. Chinese seem to be replicating what the Soviets did during the seventies and eighties.

Regards
Kumar

Pete said...

Hi Kumar

Thanks for visiting. Yes honey trapping is probably a common tactic even in the non-government commercial world.

A classic Western honey-trap was a Jewish American "Cindy" trapping Mordechai Vanunu for Mossad https://en.wikipedia.org/wiki/Cheryl_Bentov . Spooks might need to live near monastic lives to avoid entrapment and turning.

Regards

Pete

Anonymous said...

Where armies may not succeed, beauty has brought down Empires
KQN

Kumar said...

Hi Pete

There have been cases of reverse honey traps as well. An Indian female official posted in Islamabad was compromised a few years back.

By the way have a look at this item -
http://asia.nikkei.com/Politics-Economy/Policy-Politics/Australia-to-double-sub-fleet-concerned-over-S.-China-Sea-tension

Regards
Kumar

Pete said...

Hi KQN

Very true. And then there's:

"Was this the face that launched a thousand ships.
And burnt the topless towers of Ilium?"

Pete

Pete said...

Hi Kumar

Yes, I've read https://en.wikipedia.org/wiki/Clandestine_HUMINT_asset_recruiting#Love.2C_honeypots.2C_and_recruitment that the KGB used to call men "Ravens" who entrapped women.

Thanks for http://asia.nikkei.com/Politics-Economy/Policy-Politics/Australia-to-double-sub-fleet-concerned-over-S.-China-Sea-tension.

I've done a recent article on this at http://gentleseas.blogspot.com.au/2016/02/submarine-matters-much-across-submarine.html

Cheers

Pete

Nicky said...

Hi Pete,
You may want to take a look at these articles

Russia May Revive Its High Performance Cold War Alfa Class Sub With Modern Upgrades
http://foxtrotalpha.jalopnik.com/russia-may-revive-its-ultra-high-performance-alfa-class-1761291246

Stackley: Funding Levels Creating Risk In U.S. Navy Attack Submarine, Surface Combatant Fleets
http://news.usni.org/2016/02/25/stackley-funding-levels-creating-risk-in-u-s-navy-attack-submarine-surface-combatant-fleets

Danger: America's Great Submarine Shortage in the Pacific
http://nationalinterest.org/blog/the-buzz/danger-americas-great-submarine-shortage-the-pacific-15318

Pete said...

Hi Nicky K.D Chaleunphone

Thanks for those links especially http://foxtrotalpha.jalopnik.com/russia-may-revive-its-ultra-high-performance-alfa-class-1761291246

Regards

Pete

Pete said...

As I have warned on a number of occasions keepers of sensitive Australia Future submarine secrets, especially combat system, are in the difficult Non-Discrimination Law position of actually needing to discriminate against Ethnic Chinese at
- ASC
- Aus DoD and RAN
- in consultancies
- suppliers including hulls and steel.

If they have relatives in China or even Taiwan or Hong Kong they can be got at by PRC agents, including from MSS or PLA intelligence. Enforced ethnic patriotism, mixed with other motivations, seems to work to China's advantage.

This need is now reinforced by the publicising of the Lin US Navy case. Intelnews reports April 12, 2016 https://intelnews.org/2016/04/12/01-1884/ :

"For the first time since 1985, when the Federal Bureau of Investigation broke the John Walker spy ring, an active United States Navy officer has been charged with espionage. On Sunday, the US Navy reported the arrest Lt. Cmdr. Edward C. Lin, who faces two counts of espionage and three counts of attempted espionage, among other charges.

...Lin was a signals intelligence (SIGINT) specialist with the Navy, focusing on the airborne collection of maritime intelligence, mostly in the Pacific Ocean.

Given that he is a naturalized citizen from Taiwan and speaks fluent Mandarin, it is almost certain that he was tasked with collecting SIGINT from targets in China and Taiwan. If that is so, then the prospect that Lin may have given classified information to Chinese or Taiwanese intelligence officers will be especially unsettling for Washington.

Moreover, Lin is believed to have worked with some of the most advanced airborne intelligence-gathering platforms in the Pentagon’s arsenal, including the MQ-4C Triton, the P-3C Orion, the P-8A Poseidon, and the EP-3 Aries II, which is arguably the most advanced maritime surveillance aircraft ever used by the US Navy.

...There is no official confirmation of the foreign intelligence agency that is believed to have recruited Lin. However, there are some reports in the media that he may have spied for both China and Taiwan, which could imply a non-ideological motive, possibly related to money or sex. Indeed, it may be no accident that Lin is also facing charges of marital infidelity and employing prostitutes while traveling abroad.

see more at https://intelnews.org/2016/04/12/01-1884/

Pete