On Sept. 19, Mitsubishi Heavy Industries Ltd., Japan’s biggest defense contractor, said that traces of hackers’ access to its computers had been found. The next day, IHI Corp., another major defense contractor, said that it was also exposed to cyber attacks. Two other defense contractors — Mitsubishi Electric Corp. and Kawasaki Heavy Industries Ltd. — were also found to have been targeted by cyber attacks.
It was not immediately known whether important defense-related information had been leaked. But these firms build and repair main weapons of the Self-Defense Forces (SDF) such as jet fighters, patrol aircraft, helicopters, aircraft engines, destroyers, submarines, radar and missiles.
The recent cyber attacks have brought to the fore the vulnerability of Japan’s defense contractors or other enterprises and government ministries and agencies, for that matter, to cyber attacks. It would not be far-fetched to say that hackers are watching eagerly for a chance to attack enterprises and government ministries and agencies. Japanese business and government agencies cannot be too careful about protecting their computers.
In the case of MHI, 45 servers and 38 personal computers at its Tokyo headquarters and 10 other sites for manufacturing and research and development were infected with eight kinds of viruses. These sites included the Yokohama Research Institute, the Nagoya Guidance and Propulsion System Works, the Kobe Shipyard and Machinery Works and the Nagasaki Shipyard and Machinery Works.
The viruses were designed to order infected computers to transmit data outside. Clearly the hackers targeted the firm because it is the kernel of Japan’s defense industry. The Nagasaki shipyard builds destroyers, the Kobe shipyard builds submarines and nuclear power-related facilities and the Nagoya factory manufactures missiles and rocket engines.
In mid-August, an MHI employee noticed something unusual with computers and MHI asked a computer security firm to examine its servers and computers. MHI says that defense-related information was under heavy security and did not leak. But it says that some system information, such as IP addresses, has been leaked. The possibility cannot be ruled out that by using the information, the hackers will relaunch attacks.
According to Trend Micro, a computer security firm, eight defense industry firms in the United States, Japan, India and Israel, including MHI, have been targeted in a series of recent cyber attacks. It said that the attackers comprising 32 computers have been active since July 2011, sending out malicious documents. It disclosed that there were cases in which the Chinese language was used in screens that were used to remotely control virus-infected computers. China on Sept. 20 strongly denied its involvement in the cyber attacks on Japanese defense firms.
IHI said traces show that it started receiving a large amount of mails with virus files attached from around July 2009. If one opens such an attached file, a computer is infected and transmits data outside. IHI said that employees were careful and that none of them opened the attached files. It came to know the existence of the virus mails in April 2010 and it is still dealing with them.
The problem with the cyber attacks on Japanese defense firms is that the Defense Ministry was not immediately notified by the firms about irregularities they noticed in their servers and computers. MHI contacted the Tokyo Metropolitan Police Department after it found the irregularities. But the Defense Ministry was kept in the dark for about a month.
Only after a Defense Ministry worker noticed a mass media report on the cyber attacks and inquired of the firm, about 10 MHI employees visited the ministry on the evening of Sept. 19 and reported that the cyber attack had taken place around mid-August and that investigation was going on. As for IHI, the ministry said that it did not receive any direct reports from the firm.
In its defense white paper released on Aug. 2, the ministry stressed that cyber attacks by foreign governments or militaries could have a grave impact on national security. The U.S. Defense Department established U.S. Cyber Command in 2010 for daily operation and defense of its information networks.
On July 15, the U.S. announced a strategy to harden American computer systems against cyber attacks and designated cyberspace as another “operational domain” protected by the U.S. military in the same way it defends land, sea and air.
In Japan, the SDF set up the SDF command and communication system unit in 2008 and appointed a cyber planning and adjustment officer in the Joint Staff Office to be in charge of defense against cyber attacks in March 2011. It plans to set up the cyberspace defense unit in fiscal 2012.
More importantly, enterprises and government ministries and agencies must make their own efforts to strengthen their defense against cyber attacks. It is urgently needed for them to nurture experts in this field. Clearly there is a shortage of such experts in Japan.
Parties concerned should notify each other as soon as they are targeted by cyber attacks so that they can build necessary defense in time. Defense firms especially should immediately notify the Defense Ministry in case of cyber attacks on them or when cyber attacks are suspected.
By subscribing, you can help us get the story right.