Initial Disclosure Date: May 28, 2013

On May 24, The Ministry of Agriculture, Forestry and Fisheries finally admitted that cyber-attacks highly likely compromised its computers and led to the leak of 124 documents. The Committee to Investigate Cyber-Attacks on the Ministry of Agriculture held a press conference and released an interim report. On the same day, the ministry reprimanded eight officials including former Vice Minister Yoshitsugu Minagawa.

The committee had a private company analyze 103 computers that belong to the ministry and data transfer records. The company checked 5,500 computers and interviewed 50 ministry officials in total. The company found sophisticated Trojan Horse and noticed that 39 computers were connected to a C&C server. Yomiuri Shimbun claims that the server is located in Asia. Even though the ministry requires officials to follow a specific procedure in advance to use thumb drives, the committee found out that some of the interviewed officials used them without permission. ^(footnote:1)

124 documents seem to have been leaked from five computers between January and April 2012. According to the Yomiuri Shimbun, 85 documents are ranked Classification 2, whereas 39 are Classification 1. ^(footnote:2) Classification 3 is for secret or above. Classification 2 means that the document is not classified but still the leak of the information may lead to the violation of citizens’ rights or disrupt governmental missions. Classification 1 refers to the other information.

The interim report argues that the ministry including the leadership lacked risk awareness in terms of cyber and information security. The report points out that information related to the government is an important asset for Japan and the leak of such information would negatively affect the country. Second, the report indicates that the ministry was not able to take advantage of information security experts from the industry. Since the ministry does not have many in-house information security experts, they outsource experts who are embedded in the ministry. Yet, ministry’s information system administrators did not consult with those experts about the incident. Finally, the report notices the difficulty in accumulating information security expertise because government officials are shuffled every two to three years and they did not take enough time to train their replacements.

Sources:

1. Yomiuri Shimbun, “Nosui-sho, joho ryushutsu mitomeru… kimitsu bunsho 124 ten ka [The Ministry of Agriculture admitted the information theft --- probably 124 classified documents],” May 24, 2013,
   http://www.yomiuri.co.jp/national/news/20130524-OYT1T01313.htm
2. Yomiuri Shimbun, “Nosui-sho, joho ryushutsu mitomeru… kimitsu bunsho 124 ten ka [The Ministry of Agriculture admitted the information theft --- probably 124 classified documents],” May 24, 2013,
   http://www.yomiuri.co.jp/national/news/20130524-OYT1T01313.htm

• Information Security Policy Council, “Seihu kikan no joho sekyuriti taisaku no tame no toitsu kihan [information security standard for the government],” April 21, 2011 (revised on April 26, 2012),
  http://www.nisc.go.jp/active/general/pdf/kihan.pdf
• The Committee to Investigate Cyber-attacks on the Ministry of Agriculture, “Norinsuisan-sho heno saiba kogeki nikansuru chose kekka (chukan hokoku) [Interim Report: the results of investigation about the cyber-attacks on the Ministry of Agriculture],” May 24, 2013,
  http://www.maff.go.jp/j/press/kanbo/hisyo/pdf/130524_1-02.pdf
• The Japan News/ANN, “Panel blasts Japan’s farm ministry for poor response to data theft,” May 26, 2013,
  http://www.asiaone.com/News/AsiaOne%2BNews/Asia/Story/A1Story20130526-425223.html

• * Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.