The world has grown wearily accustomed to the concept of cyberspace being mankind’s newest battleground. So while the Japanese defence establishment was understandably unsettled by the recent cyber attacks against arms company Mitsubishi Heavy Industries (MHI)—which first occurred in August but were only disclosed this week—the phenomenon will have struck governments and corporations that have experienced similar attacks as nothing particularly new.
The specifics of the attack on MHI and other Japanese entities remain unclear. While the Japanese media has attempted to trace the attack back to China—the usual suspect in these cases—its origin has not been publicly confirmed. Certainly, Beijing denied that it was involved, as it always does, despite admitting earlier this year to the existence of a PLA cyber warfare unit known as the Blue Army.
What was remarkable about this cyber attack was its suspected connection to the Mukden Incident of 1931, a black day in Chinese history that set Japan’s invasion of Manchuria in train. The run-up to the 80th anniversary of the incident on September 18—the Chinese know it as the 9/18 Incident—was marked by online calls from Chinese netizens for cyber attacks to be launched in revenge against Japanese targets, according to the local authorities.
Cyber attacks originating in China are usually regarded as attempts to steal information and technological data, and the breaching of MHI’s servers arguably suggests that the latest episode fits into that pattern (the firm builds Japan’s submarines and F-15s, among other systems). However, it’s becoming increasingly apparent that cyber warfare presents all kinds of new opportunities to countries or individuals with an axe to grind.
If the cyber attack is to become an outlet for Chinese nationalism, and not just a means of scooping data out of foreign computer networks, then those countries that have wronged China over the last couple of centuries are now on notice. There are many other dark moments in Chinese history that the hackers, either official or unofficial, might take it upon themselves to commemorate by way of revenge cyber strikes; in China, these anniversaries sadly come thick and fast.
The point is that cyber capabilities provide governments and individuals with the means to strike first, without earning the same condemnation—and more importantly the inevitable armed response—that a first strike involving conventional weapons would earn. Russia’s cyber attacks against Estonia in 2007, conducted in retaliation for an Estonian decision to relocate a Soviet war memorial, set the precedent; what many Estonians regarded as an act of war didn’t appear, somehow, to fit the standard definition.
So, whether the attacks come in order to extract sensitive data or as a salvo in war that, for practical reasons, has to be limited to cyberspace, it’s clear that the 21st-century state is far more likely to be targeted by electronic viruses and ‘phishing spears’ than it is by bombs and bullets. Many are still learning how to respond to the threat. It appears that MHI attempted to hush up the cyber attacks, which were initiated weeks before it notified the government, as if being targeted by hackers were something to be embarrassed about. But if a foreign air force had bombed MHI’s factories, it seems unlikely that the company would have felt similarly ashamed.
While the defenders are still learning how to protect themselves against cyber attacks, and how to deal with the fallout when they happen, the attackers are technologically several steps ahead. And they seem to be finding more motives to do what they do. To espionage, theft, and terrorism is now added revenge.