Quis custodiet? Powerful Japanese cybersecurity agency hacked, as allies fret
"Japan's cybersecurity nightmare is everyone else's problem, too"
Japan's national cybersecurity agency suffered a systems breach that went undetected for nine months, alarming global security partners.
That's according to the FT earlier today, which cited multiple unnamed sources as claiming that Japan's National Centre for Incident Readiness and Strategy for Cybersecurity (NISC) was compromised last autumn in an incident that was not detected and communicated to global partners until June.
Japan says the impact was highly limited, but the length of the breach raises concerns in itself and suggests that visibility may be limited.
NISC, founded in 2015, is led by Japan's Chief Cabinet Secretary and, amongst other key responsibilities, runs "cybersecurity policy for critical infrastructure protection." It audits other government departments' cybersecurity and also runs a real-time government-wide monitoring team called the Government Security Operation Coordination team (GSOC).
The FT's sources suggest that Chinese state-backed hackers are the likely culprit. Whilst Japan would not be the only country to fall victim to increasingly bullish and skilled Chinese cyber-espionage actors (several US federal agencies were breached this year after a security incident at Microsoft), its cybersecurity agency being breached is a particularly troubling indictment of the country's infosec capabilities.
"Japan's cybersecurity nightmare is everyone else's problem too," warned Takahiko Hyuga of Japan Times in April, writing about the impact of ransomware attacks in Japan. (The hacking of a medium-sized USB socket producer alone drove losses of $375 million at Toyota in February 2022.) The FT, meanwhile, suggests that the recent ransomware attack on Nagoya port was part of attempts to probe the country's critical infrastructure defences.
(Restoration from backups brought systems at the port back online inside an impressive three days, local press reports suggest.)
Similarly, a compromised NISC casts a shadow on Japan's ability to successfully pursue deep military and cybersecurity relations with the US and allies. Earlier this month, it was reported that multiple US delegations have flown into Japan, hoping to gain assurance of better defences against cybersecurity breaches.
This has included a visit by General Paul Nakasone, director of the National Security Agency and commander of US Cyber Command.
In January 2023, America and Japan released a joint statement which included an affirmation to “intensify collaboration to counter increasingly sophisticated and persistent cyber threats.”
“The United States welcomed Japan’s initiatives to bolster its national cybersecurity posture,” added the joint statement, citing the creation of a new organization to coordinate whole-of-government cybersecurity policies and a new framework set to “provide a foundation for a wider range of US-Japan cooperation.”
However, Japan's attempts to build defences remain weak. Global Risks Insight, a security consultancy, called Japan's cyber defence a "neglected frontier."
In 2020, Chinese hackers penetrated Japan's classified defense networks, earlier reports note. "It was bad -- shockingly bad," an anonymous former U.S. military official told the Washington Post, commenting on the incident, which allowed hackers "deep, persistent access and appeared to be after anything they could get their hands on — plans, capabilities, assessments of military shortcomings."