As the anchor of stability in the Indo-Pacific region, the US-Japan alliance faces enormous challenges and opportunities to revisit, review, and reinvigorate existing approaches in cybersecurity cooperation. The two countries face an ever-changing cyber threat environment, especially with the advent of disruptive technologies like artificial intelligence, big data, and cloud computing against the backdrop of deteriorating global internet consensus
This article is the introduction to Pacific Forum‘s US-Cybersecurity Cooperation: Beyond the Tokyo 2020 Olympics publication. Read the full publication here.
The Tokyo 2020 Olympics put into sharp focus the increasing significance of cybersecurity to Japan’s national security agenda in recent decades. Ahead of the highly anticipated 2020 Olympics and Paralympic Games, Japan’s National Intelligence Agency warned the government about an expected influx of state-sponsored hackers targeting critical national and digital infrastructure to disrupt or hijack the historic sporting events. The warning is reminiscent of the 2018 Pyeongchang Winter Olympics held in South Korea, where malware nearly delayed the opening ceremony. In 2018, a recorded cyberattack also compromised 300 computer systems, affecting the internet and television services managed by the International Olympic Committee.
Amid postponement of the 2020 Olympics due to the global pandemic, Japan has remained focused on mitigating malicious cyberattacks, especially with increasing tensions in the region, including US-China geostrategic and geo-economic rivalry and Russia’s four-year Olympic ban. Japan continues to ramp up its cyber defenses. Amid the limitations of its pacifist constitution, Japan has made leaps in the adoption of a more defense-oriented posture in cybersecurity. Japan is now an emerging cyber power.
Integral to Japan’s overall cybersecurity policy is closer cooperation with the United States. The US-Japan alliance anchors the stability and prosperity of the Indo-Pacific. Enduring regional security therefore relies on the bilateral initiatives undertaken by Tokyo and Washington across all domains, including cyberspace. Although cybersecurity cooperation within the alliance has been robust, the urgency to constantly review, assess, and upgrade facets of cybersecurity engagements — confidence-building measures, and international law and cyber norm promotion — is imperative due to the evolving nature of sophisticated cyberattacks and the disruptive effects of technological advancements.
In light of these recent developments, Pacific Forum hosted a three-day virtual workshop from August 17-19, 2021, titled the US-Japan Cybersecurity Cooperation Virtual Forum: Beyond the Tokyo Olympics. The workshop examined the progress, challenges, and prospects for US-Japan cybersecurity cooperation in securing critical national infrastructure (CNI) against the backdrop of the Tokyo 2020/2021 Olympics, COVID-19 pandemic, and ongoing great power competition. The workshop gathered over 70 individuals representing government, industry, academia, and civil society from the Indo-Pacific. The first two days were closed-door, while the final day’s proceedings were open to the public. The virtual dialogue featured well-known Japanese and American speakers who tackled key dimensions of cybersecurity cooperation under the US-Japan alliance. In parallel to the virtual discussions, a cybersecurity tabletop exercise was conducted to test and operationalize the concepts and deliberations and formulate actionable and pragmatic policy insights.
To sustain the virtual dialogue’s relevance and policy impact, Pacific Forum has compiled this special digital publication with select contributions from the panelists. With the increased attention on state-sponsored cyberattacks, the proliferation of ransomware, and the disruptive effects of emerging technologies, the launch of this special issue comes at an auspicious time. Reflecting on the outcomes of the virtual event, the authors in this volume took a step back to locate gaps in the US-Japan alliance’s role in securing cyber stability in the Indo-Pacific region before zooming in on concrete policy recommendations.
This digital publication begins with the Key Findings report that outlines the salient points of the three-day virtual dialogue, including the deliberations during the cybersecurity tabletop exercise. Reflecting on the aftermath of the Olympics, Mihoko Matsubara’s “Next steps for US-Japan cybersecurity cooperation after Tokyo 2020” offers insights on the lessons learned and best practices that Japan can apply and sustain with its ongoing collaboration with the US and its partners across Asia and Europe. Dr. Gregory Winger’s “Threats and trends in critical national infrastructure” examines the SolarWinds and Colonial pipeline hacks to expose the evolving patterns of malicious behavior on supply chains before calling for a more proactive and persistent type of engagement between the US and Japan.
Focusing on practical collaborative steps that the US and Japan can undertake in protecting their critical national infrastructure, Dr. Benjamin Bartlett’s contribution probes into how the alliance can address cyber incidents that fall under the level of an armed attack. He explores what coordinated responses Tokyo and Washington should pursue to confront low-level yet persistent threats like cyber espionage in critical national infrastructure.
Justin Sherman’s “Seizing on US-Japan opportunities for submarine cable security” explores the physical dimension of cybersecurity, scrutinizing the strategic issues underpinning undersea cable networks. Mr. Sherman’s article emphasizes the importance of regulatory functions and joint capacity building to safeguard submarine cables, which are the connective tissue of US-Japan cyber intelligence-sharing, and more broadly the global internet infrastructure.
Looking ahead, Professor Wilhelm Vosse’s piece scans the weaknesses and strengths of Japan’s cybersecurity architecture. Although Japan has made impressive strides in its regional and international cyber diplomacy — capacity building, confidence-building measures, and joint training exercises — it needs to review the fundamental elements of its cyber policy. This will entail narrowing the definition of cyberattacks and exploring the notion of what offensive and defensive cyber capabilities look like for Japan given its pacifist constitution amid rising concerns over China, Russia, and North Korea’s cyber activities. Finally, Mark Bryan Manantan’s “The cyber AI nexus: Implications for the US-Japan cybersecurity alliance” tackles how emerging and dual-use technology like AI is tilting the alliance’s cyber cooperation. Mr. Manantan explores the mutual relationship between cyber and AI from normative and technical perspectives to conduct an in-depth analysis of the opportunities, challenges, and prospects for Tokyo and Washington in the age of technological disruption.
As geostrategic competition shifts into the geo-economic and geo-technological spheres, cybersecurity will become even more central. It is our hope that the policy recommendations and insights offered by this digital publication will be applied among policymakers to enable deep reflection on the rapidly changing cyber landscape and consequently upgrade the existing dimensions of cyber cooperation. With current US-China relations hitting a cul-de-sac, clandestine and covert operations in the cyber arena will further accelerate — a reality that Tokyo and Washington must confront with both strategic pragmatism and prudence.
To read more, download the full publication here.