THE ASIA-PACIFIC THREATS AND BEYOND, Part 1: Defense Cooperation and Cyber Security
PERSPECTIVES FROM U.S. - JAPAN ALLIANCE CONFERENCE: STRENGTHENING STRATEGIC COOPERATION
DAY 1 - March 14, 2016 in Santa Monica, CA
This week, RAND Corporation, a nonpartisan and non-profit research institution, held a conference entitled the “US – Japan Alliance: Strengthening Strategic Cooperation”. The event brought together top politicians, thinkers, researchers, analysts and yes, consultants, to discuss the current geopolitics, the real and perceived threats regionally and globally, and the ways forward –for the US and Japan as partners, and for the region and the world at large. Here are some highlights from the fascinating dialogue.
The keynote speakers, His Excellency Onodera Itsunori, Former Minister of Defense of Japan (2012-2014), praised the 2015 Guidelines for Japan-US Cooperation and its implications on collective self-defense, regional security and Japan’s ability to contribute to international conflict resolution and the protection of civilians.
What stood out was the seriousness with which the Minister spoke about North Korea as a threat to Japan. He admitted that cooperation with South Korea to mitigate this threat was crucial. The Minister expressed a personal regret about the issue of sexual slavery of Korean women by Japanese military in the 30s and 40s, and a hope that both sides move forward so that their relationship could thrive. Indeed.
One interesting moment came when the moderator, Scott Warren Howard, Assistant Director of RAND Center for Asia Pacific Policy, asked the Minister about the prospect for tri-lateral cooperation should Japan succeed to export their submarine technology to Australia. It was a great setup to discuss the US-Japanese cooperation as US would likely provide weapons to equip the submarines. But instead the Minister made a quite forceful clarification that Japan does not want to sell submarines to Australia, it is Australians who made an offer to Japan and then he deferred the issue to the Americans. Perhaps this was greatly exaggerated by the fact the Minister was speaking through an interpreter, but it came as an oddly strong statement. It seemed as if Japan was preparing to lose the bid by pretending they don’t really care… you know when someone tries to save face for being turned down by saying “I didn’t really want it anyway”. This exchange became all the more intriguing after news outlets reported yesterday that Germany, who is intensively bidding to get the said Australian submarine contract, warned that awarding the contract to Japan could damage Australia’s relationship with China. Playing into the complex regional politics, Germany’s ThysennKrupp Marine Systems suggested that choosing Japan who has a strenuous relationship with China would extend such tension to Australia. China is Australia’s biggest trading partner. Oh the complexities of geopolitics! And one example of why one should design strategies with the aid of a Global Issues Consultant.
One a lighter note, the Minister shared a story of gifting former Defense Secretary Chuck Hagel, an avid swimmer, a pair of waterproof Sony headphones and disclosed the secret most comfortable place on a submarine – on top of the torpedo.
A U.S. VIEW OF ALLIED CYBERSERCURITY COOPERATION
Senior Management Scientist at RAND, Dr. Martin Libicki, spoke passionately about ways to address the fifth domain of conflict – cyber war – by approaching cyber defense norms from a global issue perspective. He pointed out one main obstacle was our collective problem with thresholds and deterrence. What are the national “red lines” for cyber space and what are nations’ deterrence mechanisms? In particular, under the obligations of alliance between sovereign states where an attack on one is an attack on the other, how far will allies go to punish cyber terrorism and hostile cyber attacks by other nations? One excellent example to ponder is the US – South Korea defense alliance: North Korea has been trashing South Korea in cyber attacks for years… so what is the US doing?… One will of course question the other 4 domains of conflict and the willingness of nations to go the extra mile for their allies. Ukraine anyone?
As a Senior Management Scientist, Dr. Libicki looked at cyber security scientifically – through the prism of standard defense systems. In terms of threat assessment, indications and warning, there is no empirical track record for cyber attacks. Except for the few cases of expressed intention (“we will attack”) there is no theoretical foundation either, no way to have physical indicators that an attack is about to occur. And more importantly than knowing where and when, we need to know what form the attack will take. What will it look like and what will be its effects? Just a ‘simple’ data breach or a takedown of a power grid or something far, far worse?
I admit that this excellent presentation raised more questions for me than it answered. We really need to consider cyber security very carefully as a global community. What should an appropriate punishment for a cyber attack be? How do we deal with the issue of state sovereignty when responding? What would an escalation of a cyber war look like? Help, I’m drowning in questions!
JAPAN – US COOPERATION ON CYBER SECURITY
Dr. Motohiro Tsuchiya, Professor in the Graduate School of Media and Governance at Keio University (Japan) failed to ease my mounting concerns. Not for lack of expertise or his many brilliant points, but because he listed so many serious cyber attacks that occurred in Japan recently. Starting with the appalling one on Japanese government institutions no less than 3 weeks after the devastating earthquake of 2011. Someone attacked the systems with a catchy email subject “latest radiation levels” and who in the government would not open that attachment during such national tragedy! Then came the attack on Mitsubishi Heavy Industries – a major military developer; then the Japan Pension Service had 1.25 million records compromised… all attacks traced back to Chinese companies in Shanghai and mainland China, but there was no concrete evidence that Chinese government was involved. And that is the problem, isn’t it. What do you do with such evidence when you find it and moreover, even when governments aren’t involved, what should their response be?
Then Dr. Tsuchiya delivered a sobering warning about all the potential cyber risks Japan is trying to mitigate ahead of the 2020 Olympic Games and my heart sank thinking about Brazil – economic crisis, protests, impeachment, the Zika virus…
JAPAN’S PUBLIC-PRIVATE APPROACH TO CYBER SECURITY
… Did I just mention a health epidemic? Ms. Yurie Ito, Executive Director of CyberGreen and Director of Global Coordination at JCPCERT/CC, came right to my rescue with a healing presentation about the groundbreaking work of CyberGreen Initiative. The idea is pretty simple and intuitive – more than traditional national security approach that is primarily responsive and only looks at attribution, her organization is using the public health approach. The treatment of cyber security with a global public health model focuses on Cyber ecosystem’s health, searching for systemic risk conditions, collecting reliable metrics, mitigating best practices. We look at the incidents, the carriers, and the environmental conditions that allowed these incidents , addressing them as interconnected systems. To have a healthy cyber ecosystem works just like global public health – we need collective global cooperation, from governments, corporate conglomerates, organizations, businesses and individuals alike. When you clean up an “infection” (for ex. malware) and put in systems to prevent further exposure, you contribute to everyone’s health, cyber ecosystem health.
What are the major obstacles to this blissful, healthy cyber ecosystem where everyone does their part, consciously, responsibly? According to Ms. Ito, it is not only the lack of will, but primarily the limited access to raw data. Specific metrics and data sets are required to map out our cyber ecosystem, but such data collection is an arduous undertaking. Not many are motivated to share. Without cross-national comparable data sets, we cannot have transparency and mitigate the root causes of our systems’ vulnerabilities. I learned that CyberGreen Initiative is using “super heroes”, they are super-mitigating volunteers that collect all the risk conditions globally, analyze the data and provide solutions to heal. Thank you, CyberGreen super heroes!
I suppose the take-away from Ms. Ito’s presentation depends on individual personalities. Some may snarl, say it will never work, and then there are those amazing individuals like Ms. Ito who believe change is possible. Take printing for example. If I ask you to print all that you read today, you’ll cringe. But there was a time before most emails included the think-twice-before-your-print motto. Let’s call that time print-o-mania. Now people and companies pride themselves in being green. Who knows, maybe we’ll start seeing the CyberGreen Initiative logo as a badge of honor for cyber healthy businesses, organizations, even nations. I’ll go even further and propose a World Cyber Health Organization? Hmm, WCHO sound too much like a sneeze…
For more information on the work of CyberGreen, please visit http://www.cybergreen.net
For more information on cyber security, see work of Dr. Libicki