Initial Disclosure Date: Sep 3, 2012

It has been three and a half years since Tokyo, Beijing, and Seoul proposed trilateral cybersecurity cooperation. After that, they have almost never seen any progress. The three non-allied countries have difficulty in sharing sensitive information on cyber threats and prioritize domestic politics and economy over cybersecurity collaboration. Furthermore, the diplomatic ties sometimes become strained due to their historical and territorial issues. Especially this year, tensions are mounting between Japan and China as well as Japan and South Korea after Hong Kong activists and President Lee Myung-bak landed on the Senkakus and Takeshima respectively. All of these factors prohibit the governments from pursuing trilateral cybersecurity cooperation.

It was the Action Plan for Promoting Trilateral Cooperation among the People’s Republic of China, Japan and the Republic of Korea that first officially referred to the trilateral cooperation after the summit on December 13, 2008. The Action Plan stipulated two cybersecurity related objectives: “In utilizing the 'Cyber-Secretariat', progress made in each cooperation project will be monitored on a real-time basis, so that improvements can be made in the tripartite cooperation efforts, by encouraging areas lacking progress and avoiding project overlaps.” “The 'Cyber-Secretariat', officially titled 'TCCS' (Trilateral Cooperation Cyber-Secretariat), is to be launched in 2009. A database has been built, which will keep track of all results from tripartite meetings and consultations including the Trilateral Summit.”^{(footnote:ⅰ)}

The Summit to promote trilateral cooperation started in 1999 to mainly discuss economic issues including potential economic effects by China’s entry into the WTO. Later, the three countries began dialogues about the North Korean nuclear program in 2002 in addition to less contentious economic issues.^{(footnote:ⅱ)} After DDoS attacks on Estonia as the first known nation state attacks in 2007 and the combination of a physical conflict and cyber attacks on Georgia in 2008, the international community began realizing the necessity to take cybersecurity strategy at the state level and cooperate multilaterally or at least minilaterally. In this context, Japan, China, and South Korea referred to cybersecurity cooperation in December 2008.

Nevertheless, there has been no information on the Cyber-Secretariat available as of September 3rd, 2012. During the joint press conference after the second summit on October 10, 2009, President Lee Myung-bak said that the three governments want to seek the establishment of a permanent secretariat after they launch and evaluate an online secretariat.^{(footnote:ⅲ)} After the third summit on May 30, 2010, the three countries signed the Memorandum on the Establishment of the Trilateral Cooperation Secretariat among the Governments of Japan, the People’s Republic of China and the Republic of Korea. This document, however, has no referral to cybersecurity.^{(footnote:ⅳ)} The fourth summit between May 21st and 22nd, 2011, focused on the Great East Japan Earthquake and nuclear issues, and it again did not mention anything about cybersecurity.^{(footnote:ⅴ)}

The leaders of Japan, China, and South Korea held the 5th Trilateral Summit Meeting in Beijing on May 13, 2012. Following the summit, they issued the Joint Declaration on the Enhancement of Trilateral Comprehensive Cooperative Partnership, in which the three leaders “encouraged the three countries to advance cooperation in non-traditional security issues, such as piracy, energy security, cyber security, communicable diseases, terrorism and proliferation of weapons of mass destruction (WMD).”^{(footnote:ⅵ)} They have not decided which areas they would cooperate on specifically. Even the Cyber-Secretariat has not been established yet. The trilateral cybersecurity cooperation seems to be a long way to go. First of all, it is necessary to choose specific areas to collaborate together before the establishment of an online version of the secretariat. It will take some time to launch the Cyber-Secretariat, because the three governments have to evaluate the online secretariat first before the start of permanent one.

Ties are strained in both physical and cyber domains after President Lee visited Takeshima on August 10 and seven Hong Kong activists landed on the Senkakus on the 15th. These incidents discourage the three governments to pursue their cybersecurity cooperation. South Korean Internet users have launched cyber-attacks on Japan multiple times. They usually happen on March 1, the anniversary of the independence movement on March 1, 1919, or August 15, the anniversary of the end of World War II. Their usual target is the 2channel website, the largest online bulletin board in Japan. When the website was under DDoS attacks on March 1, 2010, 30 parts of the website took off line. Since the server is located in the United States, the FBI started investigating the case. The Internet Counter Terrorism Union, a South Korean online community website, had gathered momentum to launch cyber-attacks on the 2channel website on August 15, after the territorial dispute heated up between Japan and South Korea this year. Nevertheless, a leader posted a message in the early morning on August 15 to notify that attacks will be sometime in September and the attacks on August 15 had been cancelled. So far, they do not seem to have picked up any specific day yet. The South Korean media reported that they may resort to cyber-attacks more sophisticated than hacking or DDoS attacks.^{(footnote:ⅶ)}

China has also launched cyber attacks on Japan, driven by territorial tensions. The Honker Union, a Chinese hacktivist group, launched DDoS attacks, defacement of Japanese government websites, and malicious intrusions in September 2010 and 2011 after a Chinese fishing boat collided with two Japan Coast Guard ships near the Senkakus on September 7, 2010. Right after the landing of the Hong Kong activists on one of the disputed Senkaku Islands, a part of the Nara National Museum’s website was defaced to include English sentences. The malicious actor claimed that the Senkakus will remain a part of Chinese territories and they are the 33rd province in China.^{(footnote:ⅷ)}

Given the current circumstance, the three countries may still have ad hoc information sharing or cooperation at engineer-to-engineer level, but it would be extremely challenging for each of the governments to grow momentum to promote trilateral cybersecurity cooperation as their national strategy and to take the national leadership. Rough roads lie ahead of the three governments.

Related Informations:

1. Ministry of Foreign Affairs, “Japan-China-ROK Trilateral Summit --- Action Plan for Promoting Trilateral Cooperation among the People’s Republic of China, Japan and the Republic of Korea,” December 13, 2008,
   http://www.mofa.go.jp/region/asia-paci/jck/summit0812/action.html
2. Ministry of Foreign Affairs, “Obuchi Sori no ASEAN + 3 shuno kaigi to shusseki (gaiyo to hyoka) [Prime Minister Obuchi’s attendance to the ASEAN + 3 Meeting (Outline and Evaluation)],” November 28, 1999,
   http://www.mofa.go.jp/mofaj/kaidan/kiroku/s_obuchi/arc_99/asean99/3shuno.html , 227-228.
   Kunihiko Miyake, “Nicchukan samitto ha nani no tame? [What is the Japan-China-ROK Trilateral Summit for?],” Sankei Shimbun, May 17, 2012
   http://sankei.jp.msn.com/politics/news/120517/plc12051708180006-n1.htm
3. Prime Minister of Japan and His Cabinet, “Nicchukan kyodo kasha kaiken [Japan-PRC-ROK joint press conference],” October 10, 2009
   http://www.kantei.go.jp/jp/hatoyama/statement/200910/10JCKkyoudou.html
4. Ministry of Foreign Affairs, “Japan-China-ROK Trilateral Summit --- Memorandum on the Establishment of the Trilateral Cooperation Secretariat among the Governments of Japan, the People’s Republic of China, and the Republic of Korea,” May 30, 2010
   http://www.mofa.go.jp/region/asia-paci/jck/summit1005/memorandum.html
5. Ministry of Foreign Affairs, “Summit Declaration,” May 22, 2011
   http://www.mofa.go.jp/region/asia-paci/jck/summit1105/declaration.html
6. Ministry of Foreign Affairs, “The Fifth Trilateral Summit Meeting among The People’s Republic of China, the Republic of Korea and Japan --- Joint Declaration on the Enhancement of Trilateral Comprehensive Cooperative Partnership (13 May 2012 Beijing, China),” May 13, 2012
   http://www.mofa.go.jp/region/asia-paci/jck/summit1205/joint_declaration_en.html
7. Livedoor News, “Kankoku ga ‘2 channel’ heno saiba kogeki wo keikaku ka ‘Kotoshi ha yori chino-teki [South Korea seems to be preparing for cyber attacks on the ‘2 channel’ --- ‘This year’s attacks will be more sophisticated’],” August 18, 2012,
   http://news.livedoor.com/article/detail/6866492/32.html
8. Asahi Shimbun, “Nara Kokuritsu Hakubutsukan no HP kaizan, eibun de ‘Senkaku ha chugoku ryodo’ [the website of the Nara National Museum was defaced to include an English message, ‘the Senkakus belong to China’],” August 18, 2012
   http://www.asahi.com/national/intro/TKY201208170485.html

• * Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.