2011/09/25
A number of Japanese defense contractors have been targeted by large-scale cyber-attacks from overseas.
Among those was Mitsubishi Heavy Industries Ltd., Japan's largest defense company, where some 80 computers and servers were infected with computer viruses. One was a remotely controlled program designed to leak internal information.
The incident appears to have been a "targeted attack," a type of hacking becoming increasingly common around the world. In such an attack, spyware or other malicious software ("malware") designed to collect information about users without their knowledge is implanted in the servers of specific organizations or individuals via e-mail.
The number of reported malware attacks has increased sixfold in the past four years, according to the Ministry of Economy, Trade and Industry. In the latest series of cyber-attacks against the defense industry, some 900 individual cases have been reported to the National Police Agency so far.
Given the scale and sophistication of the hacking, it is clear that the government and businesses need to take urgent measures to protect their computer systems.
Yet despite the long-known dangers involved in such targeted attacks, both the government and private companies have been alarmingly slow to respond.
One major factor behind the lag is the tendency among Japanese companies to avoid publicizing the fact they have been targeted by hackers, and to try dealing with cyber-attacks in secret instead.
This reluctance to report attacks to the authorities, due mainly to the companies' fear that such a revelation may weaken public confidence in them, has made it difficult for governmental entities and the police to get a clear picture of the problem.
Defense contractors are different from other companies in that they have access to classified information from Japanese and foreign militaries, even though they are part of the private sector.
Yet there is no provision that clearly gives the Defense Ministry or any other part of the government the legal powers required for an effective policy response. It is left to individual companies to protect their information networks.
Companies that have become victims of cyber-attacks should cooperate with police and the government in finding out how their systems were penetrated, and should use the experience to strengthen society's defenses against such intrusions.
Japan can learn a lot from the efforts of the United States, which has experienced various cyber-attacks against its government and private companies.
In May, the Defense Department launched an experimental system that allows the Pentagon and defense contractors to share confidential information concerning cyber-attacks.
Japan has started to take steps forward. In August, the National Police Agency began to operate a network to share relevant information with some 4,000 private-sector companies that could potentially be targeted by hackers.
Computer networks are indispensable not only for the defense industry, but also for many other industries, including financial systems and public transportation.
Unless effective measures to defend industries against hacking are established, society will remain seriously vulnerable to hacker attacks that can cause enormous damage.
With cyber-attacks becoming increasingly sophisticated, it is naturally important to develop the technologies and human resources needed to counter them. But it is also vital to establish a system that enables the swift sharing of information, underpinned by a powerful monitoring network.
The ability to immediately identify new hacking techniques or methods as they emerge can help prevent attacks and damage being done to a large number of victims.
The government should take the lead in efforts to expand necessary cooperation between the public and the private sectors, as well as between domestic companies and the international community.
--The Asahi Shimbun, Sept. 24
No comments:
Post a Comment