Chairman’s Message: Continued cooperation between U.S. and Japan needed to strengthen cybersecurity

Admiral Dennis Blair
July 1, 2016

Cybersecurity1The information technology revolution continues to transform the way people in the U.S. and Japan live their lives, the way businesses operate in both countries, and the way both countries protect their national security. The convenience, precision, and usefulness of information are dramatically improving as more personal, corporate, and government information and processes move to networks.

Online, we stay in touch with family and friends, shop, and plan travel in new and more convenient ways. Businesses serve their customers better, collaborate more closely with other businesses, and find entirely new areas for growth. Governments better understand their citizens’ needs, target programs to meet those needs, make their defense forces more powerful, and gain a better understanding of their adversaries. However, with these improvements also comes a dramatic increase in the vulnerability of information to theft and misuse. Malicious private citizens, criminal organizations, and hostile governments can now much more easily damage and inflict losses on American and Japanese citizens, businesses, governments, and defense forces.

In recent months, I have been involved in several U.S.-Japan conferences on cybersecurity. The objective has been to find better ways for the two allies to cooperate in preserving the advantages that information technology gives us while making our networks more secure.

Cybersecurity professionals in the United States and Japan are not satisfied with the state of security in either country. The United States was a few years earlier than Japan in realizing these dangers and in taking precautionary actions, but Japan is now fully aware of its vulnerabilities and is moving quickly to take actions to protect its networks, both public and private.

Cybersecurity professionals in the United States and Japan are not satisfied with the state of security in either country… In both countries, the most important requirement is more skilled personnel.

In both countries, the most important requirement is more skilled personnel. According to recent estimates, the United States needs at least 1,000,000 more cybersecurity professionals in the next few years while Japan needs at least 300,000. The United States has more flexible education and training systems for growing its cyber workforce than Japan, which needs to go beyond the traditional academic and in-house programs of companies on which it has relied.

In both countries, traditional IT companies—such as Microsoft and Verizon in the U.S. and NTT in Japan—have strong security divisions, but the United States also has a more extensive cybersecurity business sector, with full-service companies such as Palo Alto Networks, and Symantec; specialized forensic cybersecurity companies like FireEye and CrowdStrike; and hundreds of smaller companies, most of them started by entrepreneurs with cyber experience in government and intelligence. American cyber security companies are very active in Japan, often winning contracts there.

Public-private cooperation in the cyber area is vital to good security. The private sector operates most networks, while government has law enforcement and regulatory authorities. Public-private cooperation is more strongly developed in the United States than it is in Japan, despite the well-publicized disputes over privacy protection as dramatically illustrated in the recent confrontation between the FBI and Apple. In Japan, there is little sharing of information between the private sector and the government. When a Japanese company suffers a security breach, the specific information is seldom shared with the government in order to help other companies tighten their defenses.

The two countries also organize their government cybersecurity efforts in ways that make government-to-government collaboration between the United States and Japan difficult. In the American system, the Department of Homeland Security generally has responsibility for security in civilian government systems and for setting standards for critical infrastructure in the private sector. In the military and intelligence areas, the National Security Agency provides technical capacity and advice on national security policy directives.

The lack of comparability between two countries’ cybersecurity agencies has led to more limited cooperation in cybersecurity than should be the case given shared interests and values in the two countries.  

The Japanese system does not have directly comparable agencies. Instead, the heart of the Japanese system is the relatively small National Center of Incident Readiness and Strategy for Cybersecurity (NISC). This organization is responsible for overall Japanese cybersecurity strategy, and has published a series of directives in recent years mandating standards for cybersecurity professionals, critical infrastructure networks, and the “Internet of Things.” NISC is also responsible for the government’s response to major cyber breaches. The lack of comparability between two countries’ cybersecurity agencies has led to more limited cooperation in cybersecurity than should be the case given shared interests and values in the two countries.

One area in which the two governments do cooperate robustly, however, is in international Internet governance. Both Japan and the United States favor a relatively free Internet for use by citizens and private organizations. Along with the Republic of Korea, and, sometimes in cooperation with European countries, they oppose the attempts of authoritarian countries like China and Russia to assert government control over Internet users and infrastructure within their own borders.

Both government and business leaders in the United States and Japan understand the importance of cybersecurity for the prosperity and national security of their countries, and cooperation in this area is a goal listed in every communique and press release from major bilateral meetings. However, differences in how the two governments structure cybersecurity agencies, varied business approaches in the two countries are two important sizeable obstacles to smoother cooperation. It will take continued work on both sides and better collaboration to achieve the gains in cybersecurity that the United States and Japan need.

 

Print Friendly, PDF & Email