Daniel Russell, US Assistant Secretary of State in charge of East Asian and Pacific affairs, made some intriguing observations on China’s cyber theft during a press briefing in New York on October 2.

　　　　　Prior to the September 25 US-China summit in Washington, Russell discussed with Chinese officials “the problem of state-sponsored, cyber-enabled theft by China of proprietary corporate information from US companies that is then transferred and in some cases marketized…That is a problem that the President and the Secretary of State…have been very direct in flagging for the Chinese as unacceptable behavior.”

　　　　　Russell also noted that “the Chinese side took American concerns seriously” at the summit and that President Obama “stated very clearly to President Xi …the US is watching closely to see that, in fact, China is honoring the obligations that they have undertaken” in the new agreement.

　　　　　The important question here is whether Xi is in a position to honor the bilateral agreement. This directly leads to a broader question raised by many skeptics about whether Xi is in full control of the PLA (People’s Liberation Army). Hiroshi Ito, a cyber specialist who heads the Lac Cyber Security Research Institute in Tokyo, seriously questions Xi’s power in this regard.

　　　　　“It is important to compare Xi’s moves with those of the PLA,” says Ito. “Just three days before the Obama-Xi summit, on September 22, there were press reports that a Chinese JH-7 interceptor jet had flown just 500 feet in front of an American RC-135 surveillance aircraft not far from the Senkaku Islands. It was a horrible act of provocation by China. It is highly possible to regard this incident as a signal sent by the PLA to President Xi that he must not compromise in his scheduled talks with his American counterpart.”

　　　　　Did Xi have prior knowledge about this provocation by the PLA? Brahma Chellaney, Professor of Strategic Studies at the Center for Policy Research in New Delhi, introduces an interesting anecdote pertaining to Xi’s official visit to India last September 17-18.

　　　　　“Indian Prime Minister Narendra Modi accompanied his visitor throughout his stay, staging what appeared to be a warm welcome. But there was a tricky moment on the first day of his visit when over 1,000 PLA soldiers allegedly moved into Indian territory (in the Ladakh’s Chumar region) and refused to retreat.

　　　　　“As that day happened to be Modi’s birthday, Modi was quoted as telling Xi at the outset of the summit that he had never before received such an ugly birthday present. Xi reportedly looked quite stunned, asking that he be given 24 hours to get the incident thoroughly investigated.”

Integrated Cyber-Electronic Warfare

　　　　　Prof. Chellaney believes Xi had no prior knowledge about the PLA incursion into Indian territory. Ito agrees with him, pointing out:

　　　　　“Mr. Xi most likely has yet to be able to put the PLA under his control. If so, Chinese hacking of the US government and private sector will not stop, because the PLA is in charge of China’s cyber attack strategy.”

　　　　　How able is the PLA’s cyber unit? As for its size, some quarters estimated that it is staffed with as many as 4,000 people. The Chinese approach to its cyber war against the US can be explained as an integrated cyber-electronic strategy based on a concept they have been developing for about a decade.

　　　　　“The US armed forces are extremely powerful,” continues Ito. “But the US has its own weaknesses in that it is a high-tech society that is excessively dependent on computers and networks. China’s strategy is aimed at incapacitating America’s computer systems by striking a first blow designed to destroy the foundation of American high-tech society. Next, China would implement radio interference, causing a malfunction in the command control of the US armed forces. Interestingly, the Chinese are of the opinion that the US would soon recover from such initial attacks. Therefore, they believe China must completely squash US armed forces by integrating cyber and electronic attacks after they initially hit hard, before the Americans have a chance to bounce back and fight the Chinese again.”　

　　　　　Can such a scenario be possible? Ito says what the US is most seriously concerned about is its electric power systems.

　　　　　“An imbalance between electric power generation and electricity consumption in the US could lead to a major catastrophe. There are states in the US that separate electric power production from power distribution and transmission. Besides, each state has a variety of corporations operating independently without regard for coordinating vitally needed emergency measures. Viewed from the point of view of a potential attacker, this makes for a number of vulnerable areas. The weakest links would most likely be attacked first, with other targets then rather easily knocked over like dominoes.”　

　　　　　The US has of course taken steps to work out countermeasures. Over the last decade, the Department of Homeland Security has conducted a biennial exercise series called Cyber Storm, designed to primarily safeguard the nation’s electric power systems against cyber attacks. However, a truly effective system of protection has yet to be implemented because of the aforementioned separation of power production and distribution. Reminded of this situation in the US, one becomes not a little concerned about the ongoing move among Japanese utilities to separate the production and distribution/transmission of power.

　　　　　All that said, the US is where the Internet was created, the birthplace of computers, and there is no question that the US boasts the highest standards in the field of cyber technology. China steals in order to catch up with the US, and will never stop until there is no more technology left in the US for it to steal, stresses Ito.

　　　　　Ito showed me an interesting chart listing records of targeted attack emails drafted in 2012 on the basis of the country of origin. China was on top of this list, accounting for 31%.

Government and Private Sector Alike

　　　　　“A special characteristic of cyber attacks is that the assailants’ identities can be kept secret,” points out Ito. “The fact that targeted attack emails originating from China accounted for more than 30% of all such emails in 2012 only indicates that there were that many unskillful attackers in China at the time. Given that Chinese Internet users number some 600 million out of a total of a 1.3 billion population, there would be a large number of unskilled hackers as well as skilled hackers. That’s how they ended up with the 31% figure. But the overall skill level of Chinese users has been rising very quickly. If the same survey were conducted now, the culprits would be extremely hard to detect, and there would probably be a very low number for China.”

　　　　　Ito genuinely feels Japan is at least 10 years behind China—and 30 years behind the US—in cyber technology. The Cyber Defense Unit of the Japan Self Defense Forces (JSDF) has been in operation for only ten years, and has a complement of barely 100 men. The biggest problem with Japan is that both the government and the private sector are hardly aware of how backward Japan is in this respect.

　　　　　“The 21st century is a century of cyber technology,” continues Ito. “And yet Japan is devoid of any sense of impending crisis, failing to implement effective countermeasures against cyber attacks. Last June, the government’s Japan Pension Service (JPS) was hacked and some 1,250,000 cases of personal data leaked. Vital information continues to be stolen by hackers who target governmental agencies as well as private corporations. But why did only the cyber attacks on the JPS become news? If private corporations publicly reveal their losses to cyber thefts, their stock prices will drop, and some may even be driven into bankruptcy. Being a governmental organization, the JPS faces no such pressures. The Cyber attacks against the JPS fostered a sense of crisis among the general population. Am I reading too much into it to think that is the reason the government allowed for the release of the information pertaining to the damage suffered by the JPS?”

　　　　　With vital technology and personal data having been stolen as a result of China’s cyber attacks against Japan, China must now have a deep grasp on the vulnerabilities of Japan and we Japanese. I am acutely aware that, be it cyber security or security legislation, every effort must be made to awaken our citizens to the crisis in national security now facing Japan.

(Translated from “Renaissance Japan” column no. 765 in the October 15, 2015 issue of The Weekly Shincho)