The WannaCry ransomware attacks, which some experts tentatively attribute to North Korea, remind us again that malicious malware crosses borders without pause and has the potential to cause serious harm to friend and foe alike. Days after the news broke, 99 countries had reported attacks, including major disruptions at 16 of Britain’s National Health Service healthcare centers, Russia’s Interior Ministry, FedEx, and the Spanish telecom giant, Telefonica. Despite significant investment in network security, automated security patching by Microsoft, and the best efforts of computer emergency response teams (CERTs) and incident responders across the globe, WannaCry spread like wildfire, wreaking damage on those infected. Cyence, a cyber risk modeling firm, estimates the WannaCry ransomware caused $4 billion in damages in just a few days. The rapid and destructive spread of this ransomware highlights the need for a coordinated international response to large-scale cyber attacks.
The Trump administration’s newly-issued Executive Order on cybersecurity calls for public and private input on defending U.S. networks as well for an international cyber engagement strategy. The order is a small step in the right direction toward addressing systemic risk to the internet, but the time has come for real action. The interconnected and interdependent nature of today’s international system comes with it new risks of catastrophic failure and concrete steps must be taken to address them. This means better real-time coordination between a variety of security vendors, CERTS and internet service providers (ISPs), a stronger commitment to security from developers and end users, and better cross-border support between governments pulling in domestic private resources as needed.
Nowhere is this need more striking than in our alliance with Japan. The destruction of Sony’s corporate IT system in 2014 and the 2015 pension system hack in Japan serve as stark reminders of the serious threats the United States and Japan face. In the aftermath of the Sony attack, we know that North Korea — bent on developing a nuclear missile that threatens both nations — has the ability to launch a sophisticated cyber attack in conjunction with a conventional or nuclear strike. Similarly, we see Russia — accused of meddling in the 2016 U.S. presidential elections — incorporating crippling cyber attacks on communications, financial, and energy infrastructure into its military campaigns against Georgia and the Ukraine.
Yet, almost 30 years after the Morris Worm shut down 10 percent of the Internet in 1988, Japan has done little to prepare to defend against a nation-state sponsored cyber attack. Although Japan’s recent pledge to participate in the Department of Homeland Security-sponsored Automated Indicator Sharing program is laudable, U.S.-Japan alliance coordination on cyber is still mostly talk, presentations, and white papers. The 2020 Summer Olympics in Tokyo offers our foes an attractive target. Protecting this high-profile event from malicious actors needs to be a key element of our engagement strategy with Japan, and a momentum-builder for taking Japan’s cybersecurity to the next level.
North Korea’s cyber weaponry offers it an effective way to unleash its hostile intentions toward the United States and Japan, a risk too dangerous to ignore. The U.S.-Japan alliance and Japan’s own constitution permit a strong response in the face of a military attack on Japanese soil. They provide all the legal underpinnings for an active and effective collaboration on cyber defense. U.S. forces and the JSDF need to put action behind words and start training together on responding to significant cyber events and significant cyber attacks arising within a larger conflict.
Finally, the WannaCry attacks force us to acknowledge the cross-border interconnections of public and private infrastructure as well as telecoms, corporate systems, and other private networks and endpoints. Responding to attacks against internet-connected systems assets requires an unprecedented level of cooperation between private and public elements — hardware and software providers and operators, incident responders, domestic law enforcement within countries, and most of all, end users — as well as real time cross-border exchanges among private and public-sector organizations. Finding ways to facilitate rapid cross-border, cross-sector response mechanisms is critical to thwarting these sort of fast spreading threats before they do major damage. There is no easy answer here. Everyone, even end users, must take on some responsibility for securing networks, but it is up to governments to lead the way.
The U.S and Japanese governments have been holding an annual U.S.-Japan Cyber Dialogue since 2013. The two countries need to take the next step beyond information exchange and develop a list of actionable items for collaborating on reducing vulnerabilities and responding to incidents. We recommend the following steps:
- Establish liaison exchanges that will promote better cyber threat awareness and coordination — to include putting personnel in situation rooms such as the National Crime Information Center and forming joint task forces of intelligence and law enforcement authorized to act on situations as they develop.
- Working to include Japan’s Self-Defense Forces in U.S. military communications networks, such as the Mission Partner Environment/Multinational Information Sharing and related systems, to improve security and interoperability.
- Institutionalizing meaningful coordination between industry-focused U.S. and Japanese Information Sharing and Analysis Centers (ISACs) that permit rapid dissemination of threat information, remediation steps, and best practices between private sector participants in both countries
The president’s Executive Order is a call to action. The WannaCry ransomware attacks are a warning of the consequences of non-action. The U.S. and Japan can and should heed that call.
Admiral Dennis Blair (USN-Ret.) is Chairman of the Board and Distinguished Senior Fellow (Non-Resident) of Sasakawa USA. Bud Roth is a Non-Resident Fellow for Cybersecurity at Sasakawa USA.