Initial Disclosure Date: Jun 26, 2012

On September 21, 2009, the Ministry of Defense (MOD) decided to establish the Cyberspace Defense Unit (CSDU) to deal with cyber-attacks on the Ministry and Self Defense Forces (SDF), given the fact that cyber-attacks were increasing rapidly all over the world. The CSDU was designed to have about 60 members under the SDF C4 (Command, Control, Communication, and Computers) Systems Command, which is in charge of maintenance and operation of the SDF’s defense information infrastructure system and the Central Command System. The SDF C4 was launched in March 2008. The CSDU will aim to: first, collect information on new computer viruses and research countermeasures; second, monitor and protect the command and control systems owned by the Ministry and SDF; and finally, cultivate experts.^{(footnote:ⅰ)}

Also, the Ministry decided to assign a new post, Deputy Head, C4 Systems Planning Division (cyber) in the Joint Staff Office (JSO) to devise mid to long-term cybersecurity strategy. Since Marcy 2011, Deputy Head has been formulating a SDF cybersecurity concept and coordinating with foreign counterparts.^{(footnote:ⅱ)}

In December 2011, the MOD reviewed its initial plan for CSDU and announced to establish the Unit with better information structure and manpower in Fiscal Year 2013, because cyber-attacks had become more sophisticated and complicated. Actually, the Ministry had allocated CSDU budget in its Fiscal Year 2011 budget package plan in order to establish the Unit by the end of 2012. However, the Command and Control Systems Division of the JSO recognized that they should prioritize better infrastructure and manpower than a speed-before-quality organization, which would not be able to deal with mounting threats. Thus, the Ministry postponed the Unit establishment and decided to take more time to cultivate experts and research cyber-attacks. At this stage, the CSDU will reportedly have the following capability: first, collect open sources information on cyber-attacks; second, conduct cyber-attack simulations to improve countermeasures; and finally, analyze such simulations.^{(footnote:ⅲ)}

After that, the MOD has not released any further information on the Unit. However, the Sankei Shimbun reported on January 21, 2012, that the Ministry plans to launch the Unit with 100 members in the end of 2013 and the CSDU will protect not only the Ministry and SDF but also other ministries and agencies, affiliated organizations, and defense contractors. This scoop has not been confirmed by other newspapers or the Ministry.

The Sankei Shimbun argued that its sources are multiple government officials. According to the newspaper, given increasing Chinese cyber-threats and a large number of cyber-attacks on Japanese defense contractors including the Mitsubishi Heavy Industries, ministries, agencies, and the Diet, the Ministry started to consider both defensive and offensive capability and the expansion of defense coverage. The government will determine the defense coverage of the CSDU by August 2012 when the MOD has to submit its Fiscal Year 2013 budget request. Since the Unit will conduct cyber-warfare simulations with red and blue teams, offensive capability is essential to have. The Ministry may use not only computer viruses that were used in previous attacks but also develop new cyber-attach technology including computer viruses.^{(footnote:ⅳ)}

Furthermore, it is necessary to have a criterion to determine whether a foreign cyber-attack is armed attack (contingency) or not. According to the Sankei Shimbun article, the government is now trying to establish such criterion based on the Armed Attack Situations Response Law, and will regard a cyber-attack as armed-attack if: first, the attack uses computer viruses or illegal access; second, critical infrastructure or lifeline is seriously damaged; and finally, people’s lives and property are threatened.^{(footnote:ⅴ)}

Another Sankei Shimbun article dated June 14th, 2012, reported that the Ministry had decided to allocate about 10 billion yen or 126 million USD to establish the CSDU in its Fiscal Year 2013 budget request on June 13. The CSDU may start joint training with U.S. forces’ cybersecurity units.^{(footnote:ⅵ)}

So far, the Japanese website of the People’s Daily Online referred to the CSDU’s capability twice ---- in 2010 and 2012. On June 18, 2010, Yuan Xuan and Zhao Dexi, researchers in the PLA Academy of Military Sciences, published a report, “Nihon nado kakkoku no ‘saiba-sen’ gunbi [The cyberwarfare capability of each country including Japan].” They introduced overestimated Japanese cybersecurity capability as follows, which is very different from the reality:^{(footnote:ⅶ)}

Importantly, the Japanese strategic philosophy is to acquire the control over networks and thus paralyze enemy’s combat system. Tokyo emphasizes both defensive and offensive capability in establishing its cyber-warfare system, and invested a large amount of money in hardware and cyber-warfare troops. The country has already established infrastructure for defense intelligence communication and computer system’s common operation. This allows SDF to exchange and share resources in their network systems. In addition, SDF has launched the Cyberspace Defense Unit consisting of 5,000 members. Its cyber-weapons and cyber-defense system have already achieved relatively high performance. SDF prioritizes joint development with the U.S. forces and introduces sophisticated technology from its ally. Both self-developed and U.S. technology contributes to enhance SDF’s cyber-warfare capability.

For a while, foreign media had not followed up the CSDU, but the People’s Daily website in Japanese carried another article, which seems to a response to Sankei’s news article. The article warned about cyber-warfare on June 14, 2012. “We have not heard about the spread of super viruses in East Asia yet, but Japan and the United States secretly started an arms race for cyber-weapons. We may not see the outbreak of cyber-warfare for a while, but it is in a volatile.^{(footnote:ⅷ)} This article corrected the size of CSDU, but it is more worried if Japan’s legal basis for cyber-warfare may pave the way for an actual warfare as follows: ^{(footnote:ⅸ)}

Japan planned to establish a cyber unit in the 2005 mid-term defense program guideline and the unit was launched on March 26, 2008. The country will also have a Cyberspace Defense Unit with about 100 members by the end of 2013 to train cyber-attacks in simulations and improve countermeasures against cyber-attacks. We have to watch out that the Japanese government is accelerating the development of cyber-attacks, making the upmost efforts to seek legal basis for cyber-warfare, and paving the way for cyber-warfare. Such planning may lead to rescinding the constraints of “the pacifist Constitution” in cyberspace and starting “cyber-warfare” earlier than any other countries. Japan is not only rushing the establishment of the CSDU but also planning to collaborate with other countries.

The expression, “2005 Mid-term defense program,” must be caused by the confusion of Mid-term Defense Program and National Defense Program Guideline. It is true that the SDF C4 was established based on the 2005 Mid-term Defense Program. Nevertheless, the People’s Daily’s article is not very precise because the SDF C4 is not totally a new cyber unit. It replaced JSO’s Operation Division of Command and Control Communication Systems. Furthermore, there is not international law, which defines cyber-attacks. Thus, it has not been determined yet whether cyber-attack can be categorized as “armed attack” or not. The SDF Law only covers air, land, and maritime, and not cyberspace. There is no progress in discussions if Article 9 of the Japanese Constitution allows the SDF to have offensive capability in cyberspace.

There are two possible reasons why the People’s Daily articles are not necessarily accurate: first, there is little information available about SDF’s capability to counter cyber-attacks and the CSDU both in Japanese and English. Among Japanese newspapers, Sankei is basically the only one that follows the CSDU and it does not have an English websites unlike other major newspapers.^{(footnote:ⅹ)} It is not surprising that little open sources cover the CSDU overseas. Second, the People’s Daily probably aims to prompt a sense of crisis among the public and PLA and justify the expansion of Chinese cyber-warfare capability for “self-defense” by overestimating the SDF.

Related Informations:

1. World Times, “Boeisho, saiba kukan boeitai wo shinsetsu --- 11 nendo hossoku mezasu [the Ministry of Defense will launch Cyberspace Defense Unit in Fiscal Year 2011],” September 22, 2009,
   http://www.worldtimes.co.jp/today/kokunai/090922-1.html
2. “Defense of Japan 2011,”
   http://www.mod.go.jp/e/publ/w_paper/pdf/2011/30Part3_Chapter1_Sec2.pdf , 227-228.
3. Asagumo News, “Saiba kogeki takamaru kyoi sessoku haishi, jinzai ikusei nado junbi ni zenryoku boeitai shinpen 1 nen zurashi kiban katameru [the government will take one more year to establish the Cyberspace Defense Unit to make sure to have the best manpower and better respond to mounting threats],” December 8, 2011,
   http://www.asagumo-news.com/news/201112/111208/11120804.html
4. Sankei Shimbun, “Saiba butai, hangeki kano Jieitai, 100 nin taisei [Cyberspace Defense Unit will have offense capability with 100 members],” January 21, 2012,
   http://sankei.jp.msn.com/politics/news/120121/plc12012101310000-n1.htm
   http://sankei.jp.msn.com/politics/news/120121/plc12012101310000-n2.htm
5. Sankei Shimbun, “Saiba butai, hangeki kano Jieitai, 100 nin taisei [Cyberspace Defense Unit will have offense capability with 100 members],” January 21, 2012,
   http://sankei.jp.msn.com/politics/news/120121/plc12012101310000-n2.htm
6. Sankei Shimbun, “Saiba butai ni 100 oku-en gaisan yokyu hoshin [Japanese Ministry of Defense will seek 10 billion yen for Cyberspace Defense Unit in its budget request],” June 14, 2012,
   http://sankei.jp.msn.com/politics/news/120614/plc12061406590006-n1.htm
7. Yuan Xuan and Zhao Dexi, “Nihon nado kakkoku no ‘saiba-sen’ gunbi [The cyberwarfare capability of each country including Japan],” People’s Daily, June 17, 2010,
   http://j.people.com.cn/94474/7029531.html
8. Jiang Li, “Higashi ajia no ‘saiba senso’ boppatsu ha sudeni SF dehanai [a scenario of cyber-warfare in East Asia is not a science fiction anymore],” People’s Daily, June 14, 2012,
   http://j.people.com.cn/94474/7845332.html
9. Jiang Li, “Higashi ajia no ‘saiba senso’ boppatsu ha sudeni SF dehanai [a scenario of cyber-warfare in East Asia is not a science fiction anymore],” People’s Daily, June 14, 2012,
   http://j.people.com.cn/94474/7845332.html
10. The only exception so far is an article by Asahi Shimbun dated October 4th, 2010. The newspaper quoted Hiroshi Ito, the first commanding officer of the JGSDF System Protect Unit, and suggested that the CSDU would have less than 100 members. He also referred to the exaggeration of the People’s Daily article dated June 17th, 2010. Kuniichi Tanida, “’Daigo no kukan’ de [dai 2 kai] Chugoku gawa ha, Nihon no saiba-sen noryoku wo kadaishi LAC tokubetukenkyuin Ito Hiroshi san ni kiku [No.2 --- In the Fifth Domain: China exaggerates Japan’s cyber-warfare capability, Interview with Hiroshi Ito, Special Fellow with LAC],” Asahi Shimbun, October 4, 2010,
    http://globe.asahi.com/feature/101004/side/02_01.html
    World Times, “Boeisho, saiba kukan boeitai wo shinsetsu --- 11 nendo hossoku mezasu [the Ministry of Defense will launch Cyberspace Defense Unit in Fiscal Year 2011],” September 22, 2009,
    http://www.worldtimes.co.jp/today/kokunai/090922-1.html

• * Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.