Research Group on 'Risks in New Domains' FY2023-# 2
"Research Reports" are compiled by participants in research groups set up at The Japan Institute of International Affairs, and are designed to disseminate, in a timely fashion, the content of presentations made at research group meetings or analyses of current affairs. "Research Reports" represent their authors' views.

The National Security Strategy adopted in December 2022 recognized that the threat of cyber-attacks is rapidly increasing. To seamlessly protect our nation from all directions, the document includes a commitment to stepping up efforts to ensure our cyber security capabilities are on par with, or surpass, those of Western countries. Additionally, it advocates for the introduction of proactive cyber-defense measures to pre-emptively eliminate, or prevent extensive damage from, severe cyber-attacks that pose security concerns to the nation and critical infrastructure. Furthermore, the strategy outlines the need for legislative, operational, and organizational approaches to proactive cyber-defense, leading to the creation of an Office for Policy Coordination and Development on National Cybersecurity in January 2023.

The sense of urgency towards cybersecurity in the National Security Strategy is underpinned by the hybrid warfare observed in the Russia-Ukraine conflict that began in February 2022. Hybrid warfare precedes conventional warfare with tanks and missiles by engaging in cyber-attacks aimed at disabling functions and manipulating information. A distinctive feature of this warfare is a progression of crises in the information space during peacetime. In the context of the Russia-Ukraine war, the first phase of the information war, aimed at undermining the credibility of Ukraine's pro-European political regime, has been ongoing since 2014. The second phase of cyber-attacks occurred in three waves from mid-January 2022 just before the conventional warfare began.

During the first phase of the information war, false images and narratives were spread to portray the Zelensky administration in Ukraine as a neo-Nazi regime. This included fabricated images of President Zelensky receiving a Ukrainian national football team jersey with a Nazi swastika and fake photos showing Ukrainian military units and the Azov Battalion prominently using the swastika symbol. Narratives containing disinformation were intensively disseminated In Western countries, claiming that Russia's invasion of Ukraine was caused by NATO's post-Cold War eastward expansion.

Research conducted by a group at MIT in the United States has revealed that "false news spreads significantly farther, faster, deeper, and more broadly than the truth, with its effects being particularly pronounced in the context of false news about politics compared to terrorism, natural disasters, science, urban myths, and finance." This phenomenon was observed during the Russia-Ukraine war when, on February 25th, immediately after the outbreak of hostilities, Russia disseminated disinformation claiming that President Zelensky had fled Kyiv. This news rapidly spread across the Internet but, by late night on the 25th, President Zelensky countered this by recording a video on his smartphone declaring, "We are in Kyiv and defending our independence," which he posted on his YouTube and Facebook accounts. Without President Zelensky's prompt video response, the morale of the Ukrainian people could have collapsed early on, potentially allowing Russian forces to easily occupy Kyiv.

General Valery Gerasimov, the Chief of the General Staff of the Russian Armed Forces, noted in a February 2013 speech on modern warfare that "the rules of war have changed, with the role of non-military means in achieving political and strategic goals becoming more significant and often exceeding the power of weapons. The information space greatly expands the asymmetrical possibilities of reducing the combat power of the enemy." Thus, Russia has focused on information warfare and influence operations in peacetime, and the Estonian Foreign Intelligence Service's 2021 annual report analyzed the various methods of information warfare employed. These methods include (1) the takeover of media sites and dissemination of fake news, (2) hacking and leaks, (3) service disruptions through DDoS attacks, and (4) website defacement, employing not only the dissemination of disinformation but also cyber-attacks such as information theft and DDoS.

Russia's information warfare aims to fight in the cognitive domain, identifying contradictions within a target country, amplifying these contradictions using disinformation, and expanding societal fissures to weaken the opponent. The objective is to weaken the adversary society through information warfare, thereby improving Russia's relative position in the international community. For example, Russia views the influx of Islamic migrants into Western societies as an opportunity to exploit societal unrest through information warfare, thereby stirring up anti-Islamic migrant nationalism and promoting the rise of the far-right to destabilize the stability of pluralistic democracies in the West.

Elections in democratic countries are prime targets for Russian information warfare. The 2016 US presidential election saw the spread of disinformation on social media, leaks of confidential information through hacking, and cyber-attacks on election systems. As a result, the African-American voter turnout was significantly lower than in the 2012 presidential election, affecting the voting behavior of the Democratic support base. Additionally, disinformation about the postal voting system and vote counting systems was spread, shaking confidence in the US electoral and democratic systems, leading to the rise of conspiracy theorists like QAnon and damaging the trust and unity of American society. Similarly, Russian information warfare has been observed in the 2016 Brexit referendum in the UK, the 2017 French presidential election, and the 2017 German federal election.

Similar to Russia, China also perceives the cognitive domain as a battlefield, with the term "cognitive dominance" increasingly appearing in military literature in recent years to describe the aim of securing superiority in the cognitive domain. According to Taiwan's 2021 Defense Report, China's methods of cognitive warfare are diverse and include: (1) external propaganda using official media, (2) nationalist propaganda through massive postings on social networks, (3) dissemination of information via content farms, and (4) manipulation of information using local collaborators. In fact, such information warfare tactics by China have been observed during Taiwan's presidential and local elections, with the dissemination of disinformation by China also noted in the January presidential election this year.

An increase in cyber-attacks on our country by Russia, China, and North Korea has also been witnessed, particularly before the G7 Summit in 2023, when an increase in DDoS attacks targeting government agencies, local governments, and transportation systems from Russia was noted.

To counter such information warfare and cyber-attacks undertaken even during peacetime, proactive cyber-defense is essential. Proactive cyber-defense involves a cycle of operations that must be conducted 24/7 year-round, including: (1) gathering information by intercepting communications and aggregating meta-data to collect and observe data on cyber-attacks, (2) using technical methods to analyze and identify attackers, (3) determining technical and policy responses to attacks based on analysis-driven situational assessments, and (4) responding through technical and policy means to mitigate attacks. To implement such proactive cyber-defense, the legislative and organizational preparations stipulated in the National Security Strategy are urgently needed.