On the front page of today’s print edition of the Asahi Shimbun, roughly translated by yours truly:
Mitsubishi Heavy Cyber-Attack: Military and Nuclear Information Leaked?
Information also related to jet fighters and helicopters
Officials are suspicious that information relating to combat defense equipment and nuclear power plants has been leaked in the cyber-attack incident at Mitsubishi Heavy industries. From the left-over traces of the information transmitted to the outside world, there is said to be highly possible that something was stolen. Suspicions have begun to surface that the virus that infected MHI circulated military information.
The attack on MHI came to light in August. A total of 83 computers and servers were infected by a virus in a total of 11 sites, including the Kobe and Nagasaki Shipyards, which construct submarines and escort vessels, and the Nagoya Guidance and Propulsion System Works, where missile-related technologies are produced. MHI says that, “Leaks of equipment or client information have not been confirmed.”
However, according to officials, 10 additional servers within MHI are under investigate, some of which shows traces of having transmitted military and nuclear information.
As the military information that was likely to have been leaked is related to fighters and helicopters built by MHI under contract from the Ministry of Defense, it is unclear whether or not defense secrets have been leaked. The nuclear information includes the plans and equipment of nuclear power plants MHI has been involved with, as well as information on earthquake resistance.
The MoD demands that all companies dealing with defense secrets sign a contract that stipulates the management of secrets and measures to isolate them from other networks.
The person responsible for MHI’s PR group explained to Asahi Shimbun reporters that “Adequate care had been taken” with the management of secret information. On the question of whether military or nuclear information had been leaked, he said, “As the investigation is still underway, I must decline to comment.”
In the meantime, having received the report at the end of September, the Tokyo Metropolitan Police Department demanded the internet provider’s datalogs under suspiscion of a violation of the Law Against Unauthorized Access, and is now moving towards finding the originator.
Mitsubishi Heavy Industries designed and built many pressurized water-type nuclear power plants across the country, including Kyushu Electric Power’s Genkai Nuclear Power Plant.
If Asahi’s scoop is telling the whole story, then this story just got a whole lot worse. Given that the MoD requires defense secrets to be isolated from the wider network, it seems like that we are talking about what would be call ‘Restricted’ information in many other countries, rather than secrets. If defense secrets were released, however, then clearly MHI hasn’t been managing its information security in accordance to MoD requirements, and we may even see some heads roll.
As ever, time will tell.
A former contributor to World Intelligence (Japan Military Review), James Simpson joined Japan Security Watch in 2011, migrating with his blog Defending Japan. He has a Masters in Security Studies from Aberystwyth University and is currently living in Kawasaki, Japan.
His primary interests include the so-called 'normalization' of Japanese security (i.e. militarization), and the political impact of the abduction issue with North Korea.
James Simpson has 254 post(s) on Japan Security Watch