SVG
Commentary
Nikkei Asian Review

Japan Defense Industry Needs Security Boost

Tokyo must protect world-class arms suppliers against spies and cyberattacks

Japan's bid to tighten military cooperation with Australia is only the latest of the giant strides it has made in the past three years in becoming a full partner in building collective security in the Asia-Pacific region.

Prime Minister Shinzo Abe, who hosted Malcolm Turnbull, his Australian counterpart, for defense talks on Jan. 18, has reinterpreted Japan's constitution to take a more proactive stance for defending the country in conjunction with its allies.

He has loosened rules restricting Japanese defense exports; he has taken a strong stance in response to the North Korean missile threat; and for the 2018-19 financial year he has announced Japan's biggest military budget since World War II.

There is, however, one big step still to come. That is creating and maintaining a robust security regime for the defense industry that protects national and intellectual property, and will help Japan to work more closely with the U.S. and other allied nations in developing and producing advanced defense systems. Unless Japan's allies believe it has installed effective protections and protocols to stop Russia, China, North Korea, or even a random hacker from stealing classified data or foreign intellectual property, they will be reluctant to share their most sensitive technologies with their counterparts in Japan.

By taking the right steps, the Abe government could oversee a change as transformative as the adoption of Total Quality Management by Japanese manufacturing in the 1960s and 70s, which triggered the Japanese economic miracle and made Japan a dominant competitor in the international industrial marketplace.

Japan's defense industry is one of the nation's best kept secrets. Although defense business represents a tiny portion of Japan's overall corporate profits and Japan's leading defense companies like Kawasaki Heavy Industries, IHI, NEC, Komatsu and Fujitsu are small compared with their American and European counterparts (see table), they also create high-quality products for Japan's Self-Defense Forces. Thanks to the relaxation of rules in March 2014 surrounding defense exports, they are now poised to enter today's global defense marketplace. American and European defense companies are also eager to partner with Japanese companies in creating advanced defense technologies from robotics, drones and AI to quantum computing and communications.

But Japan lacks the robust defense industrial security policy that experts agree is the cornerstone of a modern defense industry. A robust industrial security regime secures sensitive technology and data, and oversees the hiring and employing of personnel with appropriate security clearances. It also acts as a continuous interface between government and cleared industrial corporations; administers and implements laws and regulations relating to a national industrial security program; and trains industrial security personnel to help government security officers protect classified information of both foreign partners like the U.S., and domestic companies.

Cybersecurity is a key ingredient in this formula, as the U.S. painfully learned in the mid 2000s, when Chinese hackers broke into sensitive classified data in the U.S. government and in leading defense companies -- including those involved in the production of the highly-advanced F-35 Joint Strike Fighter.

Since then the U.S. and other allied countries stepped up the range and sophistication of their cyber security, while Japan unfortunately still lags behind. For example, only 27% of Japanese companies have a designated chief information security officer compared with 70-80% of American and European companies, while Japan's defense industry still has no Information Sharing and Analysis Center (ISAC) for sharing data regarding about cyberattacks and hacks. And while the government did sign a General Security of Military Information Agreement with the U.S. in 2007, which sets rules for the treatment of confidential defense information shared between the two countries, and passed an official state secrets law in 2014, there is still no general enforcement mechanism or system for security clearances that embraces government as well as private industry personnel. This lag has many possible defense industrial partners, as well as the U.S. government, deeply worried. Instead, Japan has been forced to rely on U.S. government security experts to do spot fixes while waiting for a robust general system to come into place. Until then, Japan's hopes for increasing defense industrial cooperation with the U.S. will be on permanent hold.

New regime Japan-style

Tokyo must protect world-class arms suppliers against spies and cyberattacks.

That is not just a tragedy for Japan's economy and its defense industry, but for allies like the U.S. who want to partner with Japan but cannot until these challenges are addressed.

In short, Japan needs to take on the challenge of industrial security quickly, including cyber security. The question is, how.

An excellent model would be what happened in the aftermath of World War II, when the U.S. found a way to help Japanese industry address the issue of quality control, which was hurting Japan's prospects for economic recovery. In 1950 American industrial expert W. Edwards Deming arrived to introduce a statistical method for benchmarking, analyzing, planning and carrying out a high standard of quality throughout the industrial process. Japanese engineer Genichi Taguchi saw that Deming's principles dovetailed with Japan's traditions of artisanal attention to detail and quality craftsmanship, and reshaped the Deming method to fit Japan's unique industrial culture. The result laid the foundation for a Japanese export-driven quality industrial sector that could compete in a global marketplace from cars and trucks to electronic consumer goods.

"We imported the system," notes Professor N. Yashiro of Sophia University, "but modified it to the Japanese style." This is what Japan must now do with industrial security: adopt an effective system that matches those of the U.S. and other allies, but is carefully fitted to a modern Japanese industrial culture.

The goal should be more than just a cookie-cutter version of the industrial security systems the U.S. and its allies use, but rather an industrial security regime with "Japanese characteristics," from personnel vetting and management to cybersecurity and protecting intellectual property and classified information from foreign sources.

Thinking through industrial security and cybersecurity as new forms of Total Quality Management, will make it possible for Japanese companies both to compete in the global defense market place, but also to be effective partners with U.S. and European groups, including on the most advanced and most sensitive systems and technologies.

In 1988 a secret memo circulating among Japanese defense executives predicted that if Japan were allowed to sell its defense articles abroad, the country could capture 40% of global military electronic sales and 60% of naval ship construction.

Given Japan's success in dominating the global automobile market in the 1970s and 1980s, that prediction did not seem so rash. Could it still happen? One thing is certain. Without a modern industrial security regime, it certainly will not.