Japan, AUKUS and cyberwarfare
13 May 2024|

Cooperating to strengthen Japan’s cyber defences and develop new offensive cyberweapons must be the first priority of any AUKUS collaboration involving Japan. Not only is this now key to Japan’s security, but it is a vital precursor before Australia, Britain and the US can trust that deeper involvement by Japan in the military pact can take place.

AUKUS exists to develop strategic weapons and technologies required to deter China and other states from threatening the peace of Australia’s region. The prospect of Japan joining the pact could improve the speed and scope of such technology development, bolstering the credibility of present efforts to deter China as the world scrambles to reduce the prospect of war.

This month, AUKUS defence ministers announced that Japan’s incorporation into AUKUS is being ‘considered’, but they have remained tight-lipped as to what specific technology development Japan would be included in. We do know, however, that Japan’s involvement would focus on the development of so-called advanced capability projects under Pillar 2 of the pact. This encompasses the development of underwater drones, quantum technology, artificial intelligence, hypersonic weapons, electronic warfare systems and advanced cyber capabilities. Those technologies are key to Australia’s and Japan’s ability to defend themselves in a future war and have been prioritised in the Australian government’s recent National Defence Strategy. It is in the area of offensive and defensive cyber capabilities that collaboration with Japan is most urgent.

In recent years, Japan has been heavily targeted by China and state-backed cybercriminals, including in successful attacks on Japan’s own cybersecurity centre, the country’s space agency, major firms like some in the Mitsubishi group, and even the prime minister’s office. Japan has responded to these growing cyber threats by expanding the parts of its armed forces that are responsible for cyberwarfare. In its recent national defence strategy, Japan has also publicly expressed for the first time a willingness to use offensive cyber capabilities to pre-emptively disrupt adversaries targeting its networks.

Japan’s efforts to strengthen its cybersecurity defences are limited by the size and available expertise of its workforce. Collaboration under the auspices of AUKUS is an obvious way for Japan to address this by operating jointly with the US, Britain and Australia to train its cyber workforce and obtain greater foreign assistance in protecting its networks.

The hard reality is that Japan must first address its cybersecurity deficiencies before deeper integration into the AUKUS pact is possible. For AUKUS members and Japan to realise the synergies of integrating members’ military and research sectors, they must be confident that tech secrets can be safely shared and developed between them. Conversely, China’s and Russia’s foreign intelligence services will know that a sufficiently high-profile breach of the AUKUS crown jewels of one member could scuttle the whole partnership.

Japan may have struggled to expand its cybersecurity workforce, but Japanese industry is a global leader in technological innovation, and it has a record of producing insightful intelligence on emerging technology. Japan’s technology prowess could transform AUKUS’s ability to produce game-changing cyber weapons—a research-intensive exercise that requires deep knowledge of how specific devices and components are designed, made and networked.

Offensive cyber capabilities or cyberweapons are, in the simplest terms, instructions surreptitiously delivered into a computer or network of computers that, when followed, cause that computer or network to malfunction. When those computers are connected to physical systems such as an energy grid, an assembly line or military equipment, the results can obviously be destructive. One of the most famous examples is the Stuxnet virus that was used to sabotage more than a dozen Iranian nuclear facilities by instructing uranium centrifuges to spin irregularly; 900 were disabled. Developing offensive cyberweapons relies on closely examining how physical components or devices are networked and identifying vulnerabilities in enabling software that can be exploited to trigger malfunctions. Japanese insights into the future of the global technology supply chain are valuable to AUKUS partners wishing to understand how to target and protect everything from energy grids to missile guidance systems to manufacturing facilities.

Developing those cyberweapons with Japan, however, will depend on overcoming some critical legal and operational hurdles. For one, offensive cyber capabilities have hitherto existed in a grey area concerning Japan’s pacifist constitution, which renounces the right to threaten or use ‘force as a means of settling international disputes’. Greatly expanding the arsenal of cyberweapons available to Japan for defence or deterrence could challenge that position.

Furthermore, like so many of the military capabilities to be developed under AUKUS, there will be questions about to what extent joint development entitles parties to joint planning and joint control over how new weapons and platforms are used in warfare. This is particularly pertinent to offensive cyber capabilities, as many such weapons rely on zero-day or similar exploits that can be used only so many times before being discovered and fixed. How would the AUKUS nations plus Japan coordinate their use of such weapons? Would the nation most responsible for their development have greater say over when and how those weapons are deployed? These challenges are likely to arise with regard to other AUKUS technologies, including nuclear submarines, but offensive cyberweapons are where we are likely to encounter them first. How and to what extent they can be resolved will have important ramifications for the wider security pact, well beyond the cyber domain.