In the fall of 2020, the National Security Agency made an alarming discovery: Chinese military hackers had compromised classified defense networks of the United States’ most important strategic ally in East Asia. Cyberspies from the People’s Liberation Army had wormed their way into Japan’s most sensitive computer systems.
The hackers had deep, persistent access and appeared to be after anything they could get their hands on — plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter’s sensitivity.
“It was bad — shockingly bad,” recalled one former U.S. military official, who was briefed on the event, which has not been previously reported.
Tokyo has taken steps to strengthen its networks. But they are still deemed not sufficiently secure from Beijing’s prying eyes, which, officials say, could impede greater intelligence-sharing between the Pentagon and Japan’s Defense Ministry.
The 2020 penetration was so disturbing that Gen. Paul Nakasone, the head of the NSA and U.S. Cyber Command, and Matthew Pottinger, who was White House deputy national security adviser at the time, raced to Tokyo. They briefed the defense minister, who was so concerned that he arranged for them to alert the prime minister himself.
Beijing, they told the Japanese officials, had breached Tokyo’s defense networks, making it one of the most damaging hacks in that country’s modern history.
The Japanese were taken aback but indicated they would look into it. Nakasone and Pottinger flew back “thinking they had really made a point,” said one former senior defense official briefed on the matter.
Back in Washington, then-President Donald Trump was busy contesting Joe Biden’s election victory, and administration officials were preparing for a transition. Senior national security officials briefed incoming national security adviser Jake Sullivan during the handoff, but the incoming Biden administration faced a swirl of issues — including how to deal with a major Russian breach of U.S. agency networks discovered during the Trump administration — and some U.S. officials got the sense the Japanese just hoped the issue would fade away.
By early 2021, the Biden administration had settled in, and cybersecurity and defense officials realized the problem had festered. The Chinese were still in Tokyo’s networks.
Since then, under American scrutiny, the Japanese have announced they are ramping up network security, boosting the cybersecurity budget tenfold over the next five years and increasing their military cybersecurity force fourfold to 4,000 people.
The stakes are high.
Beijing, bent on projecting power across the western Pacific — an area it controversially claims as part of a historic maritime dominion, has increased confrontation in the region. It fired ballistic missiles into Japan’s exclusive economic zone last August after then-House Speaker Nancy Pelosi (D-Calif.) visited Taiwan, a self-ruled democracy that China claims. It has embarked on a major nuclear weapons buildup. And it has engaged in dangerous air and naval maneuvers with U.S., Canadian and Australian ships and jets in the Pacific.
China, which already boasts the world’s largest legion of state-sponsored hackers, is expanding its cyber capabilities. Since mid-2021, the U.S. government and Western cybersecurity firms have documented increasing Chinese penetration of critical infrastructure in the United States, Guam and elsewhere in the Asia-Pacific. The targets include communication, transportation and utility systems, Microsoft said in May.
China-based hackers recently compromised the emails of the U.S. commerce secretary, the U.S. ambassador to China and other senior diplomats — even amid an effort by the Biden administration to thaw frosty relations with Beijing.
“Over the years we have been concerned about its espionage program,” said a senior U.S. official. “But China is [also] developing cyberattack capabilities that could be used to disrupt critical services in the U.S. and key Asian allies and shape decision-making in a crisis or conflict.”
In the face of this aggression, Japan has stepped up, moving beyond the traditional “shield and spear” arrangement in which Tokyo focuses on the country’s self-defense, while Washington provides capabilities that support regional security, including the nuclear umbrella that protects Japan and South Korea. Japan is developing a counterstrike capability that can reach targets in mainland China. It is buying U.S. Tomahawk cruise missiles. And it is permitting the U.S. Marine Corps to place a new advanced regiment in remote islands southwest of Okinawa, a location that, along with the northernmost islands of the Philippines, allows the U.S. military proximity to Taiwan should a conflict with China erupt.
“Japan and the United States are currently facing the most challenging and complex security environment in recent history,” Prime Minister Fumio Kishida said at a news conference with President Biden in Washington in January. He noted Japan’s new national security strategy boosting its defense budget and capabilities. “This new policy,” he said, “will be beneficial for the deterrence capabilities and response capabilities of the alliance as well.”
U.S. Defense Secretary Lloyd Austin has indicated to Tokyo that enhanced data-sharing to enable advanced military operations could be slowed if Japan’s networks are not better secured.
“We see tremendous investment and effort from the Japanese in this area,” said a senior U.S. defense official. But work remains to be done. “The department feels strongly about the importance of cybersecurity to our ability to conduct combined military operations, which are at the core of the U.S.-Japan alliance.”
