Buffering: Cybersecurity in the U.S.-Philippine Alliance

Issues & Insights Vol. 22, SR1, pp. 1-8


This study examines the integration of cybersecurity within the U.S.-Philippine alliance. Technological change poses distinct challenges to international alliances by presenting new security threats and vulnerabilities that alliances must adapt to address. Using a process-tracing approach, this article investigates the evolution of cybersecurity within the U.S.- Philippine alliance and whether existing defense arrangements have been effectively leveraged to meet the challenges of a cyber insecure world. It finds that despite initial momentum toward integrating cybersecurity within the alliance, cyber cooperation has largely stalled since 2016. Although the elections of Rodrigo Duterte and Donald Trump contributed to this malaise, the stagnation also reflects a larger strategic divergence in how Washington and Manila approach the digital domain. This contrasts sharply with other alliances like NATO and must be addressed to sustain alliance activities in cyberspace.

Click here to download the full volume.

About this Volume

Authors of this volume participated in the inaugural U.S.- Philippines Next-Generation Leaders Initiative, sponsored by the U.S. Department of State, through the U.S. Embassy in the Philippines. With backgrounds from academia, public policy, civil society and industry, the cohort brings rich insights on the past, present, and future of the U.S.-Philippines bilateral security relations.

The statements made and views expressed are solely the responsibility of the authors and do not necessarily reflect the views of their respective organizations and affiliations. Pacific Forum’s publications do not necessarily reflect the positions of its staff, donors and sponsors.

Gregory Winger is an Assistant Professor of Political Science and Fellow with the Center for Cyber Strategy and Policy at the University of Cincinnati. He is also a former Fulbright Scholar to the Philippines and Fellow with the National Asia Research Program.

Photo: Philippine Army-United States Army Pacific during the Cyber Security Subject Matter Expert Exchange (SMEE) in Manila, May 14 to 18, 2018. Source: Philippine Army/Public domain

PacNet #7 — China’s growing confidence in drone warfare

After a decade of extensive research and development, China has begun demonstrating growing confidence in drones’ manufacture—and their use in warfare.

Although many militaries around the world use drones in military operations, none integrate them in such a comprehensive a manner as the People’s Liberation Army (PLA). While US military operations in Afghanistan and Pakistan limited drone use to specific targets and individuals, the PLA, particularly its air force and navy, considers drones to be as important as any other offensive combat system. It does not see drones as mere auxiliaries, but a crucial combat component to compensate for some of its weakness.

For example, even though China has begun deploying modern combat carriers such as the J-20 stealth fighter and nuclear-armed submarines, it does so in relatively small amounts, and many believe its capabilities remain inferior to the United States’. To compensate, the PLA has adopted an asymmetric strategy. Thousands of missiles are deployed near the coast of Taiwan that can strike US aircraft carrier battle groups and reach US military bases as far as Guam. Drones complement the strategy of missile strikes in combination with modern fighter jets, submarines, and surface ships operating closer to China’s coast, which would be deadly for American forces.

Chinese sources report that a twin-seat version of the J-20 is under development. The extra pilot will allow the aircraft to perform more tasks, including operating several air drones which could be used for recognizing and partaking in attack missions, providing a protective barrier to the J-20 and improving its odds against superior American fighters. The Chinese air force’s most ambitious project is the “flying aircraft carrier,” a mother ship air drone that would carry several drones to be used in swarm attacks against enemy aircraft and air defense systems. Airshow China 2021 displayed the GJ-11 stealth air drone, designed for reconnaissance and attack missions in heavily defended air space. The GJ-11 is the most advanced drone of its kind; more advanced than anything the United States currently has in its inventory.

The Chinese air force is not merely relying on state-of-the-art drones. It is also converting obsolete fighter jets such as the J-7 into drones. Some analysts have speculated that these conversions have been used for incursions into Taiwan’s Air Identification Zone. Though no match for Taiwan’s modern fighters, when used in large numbers and mixed with modern fighters, they can confuse an opponent’s air defenses.

The PLA Navy (PLAN), just like the US Navy, believes that the odds of war between China and the United States will increase in the coming years and that naval warfare will be crucial. To counter US aircraft carriers, nuclear-armed submarines, and modern fighters, the PLAN is also investing heavily in drones. In July, one source reported that China was testing a “cross medium UAV,” a drone that can operate both underwater and in the air. The United States operates such drones, but those developed by China are far more sophisticated.

China’s Yunzhou Tech is developing a drone ship carrying six smaller water drones to attack the surface of enemy ships. The six-armed drones are to work in a coordinated manner to surround and proceed with its offensive operations. The growing sophistication of Chinese technology suggests that these ship drones will become more powerful and carry greater numbers of smaller attack drones. Chinese scientists have also developed a shark-shaped drone to attack submarines. In December 2020, for instance, an Indonesian fisherman found a Chinese underwater drone off the coast of South Sulawesi, close to northern Australia.

In September, several media reports claimed that China successfully landed a hypersonic drone. If such reports are accurate, China will be the first nation to achieve such prowess, placing it ahead of the United States in both drone and hypersonic technology.

If a conflict were to break out with the US Navy over Taiwan, the PLAN has no intention of fighting the United States in an open conventional naval battle, like the Battle of Midway. US forces will have to come closer to China’s coast, where the PLAN and PLA Air Force (PLAAF) enjoy the advantages of proximity to their logistic base and the protection of its missile umbrella. That means reaching Taiwan will be a difficult and bloody operation for the United States.

The US military has the upper hand in many areas, such as aircraft carriers, stealth fighters, nuclear-armed submarines, and satellites. However—and such a possibility is by no means certain—if China were to acquire the lead in hypersonic missiles, hypersonic and stealth attack drones, cruise and ballistic missiles, and cyber warfare, it is no longer clear that the balance of power favors the United States.

What’s clear is that the PLA believes that drones are the future of modern warfare, which is why it has embraced it. The United States would be well-advised to invest more in drone technology and the means to counter it.

Loro Horta (embajadorlorohorta@gmail.com) is an academic and diplomat from Timor Leste. The views expressed here are strictly his own.

PacNet commentaries and responses represent the views of the respective authors. Alternative viewpoints are always welcomed and encouraged. Click here to request a PacNet subscription.

U.S.-Singapore Cooperation on Tech and Security: Defense, Cyber, and Biotech

Issues & Insights Vol. 21 SR4, pp. 5 – 15

About this Volume

Authors of this volume participated in the inaugural U.S.- Singapore Next-Generation Leaders Initiative, sponsored by the U.S. Department of State, through the U.S. Embassy Singapore. With backgrounds from academia, public policy, civil society and industry, the cohort brings rich insights on the past, present, and future of the U.S.-Singapore relationship. Between September 2020 and August 2021, cohort members engaged with senior experts and practitioners as they developed research papers addressing various aspects of the bilateral relationship.

The statements made and views expressed are solely the responsibility of the authors and do not necessarily reflect the views of their respective organizations and affiliations. Pacific Forum’s publications do not necessarily reflect the opinions of its staff, donors and sponsors.


The partnership between the United States and Singapore is founded in no small part on the shared recognition of the value that technology has for national security. Over the last 55 years, Singapore has become an established purchaser of U.S. defense technology, but the past 20 years have also seen the U.S.-Singapore relationship mature into an increasingly collaborative one, tackling newer fields like cybersecurity and biosecurity. However, current geopolitical tensions present a challenge for Singapore, which strives to retain its strategic autonomy by maintaining positive relations with all parties. Paradoxically, the rise of non-traditional security threats may pave the way for greater bilateral cooperation by allowing Singapore to position itself as a hub for cooperation on regional security issues in Southeast Asia at large. In such spirit, this paper recommends that the United States and Singapore do the following: 1) in defense technology, co-develop niche capabilities in C4ISR and unmanned systems with peacetime applications; 2) in cybersecurity, improve their domestic resilience against sophisticated nation-state actors while also building regional capacity to counter cybercrime in Southeast Asia; and 3) in biosecurity, strengthen regional epidemiological surveillance to brace against possible future pandemics.

Click here to download the full volume.

Shaun Ee is a nonresident fellow in the Atlantic Council’s Scowcroft Center for Strategy and Security, working at the nexus of security policy, emerging tech, and U.S.-China relations. He is also a Yenching Scholar at Peking University and writes for TechNode, a Beijing- and Shanghai-based publication covering China’s tech ecosystem. Previously, Shaun was assistant director of the Scowcroft Center’s Cyber Statecraft Initiative, and served in the Singapore Armed Forces as a signals operator in an artillery unit. He holds a BA from Washington University in St. Louis, where he studied cognitive neuroscience and East African history.

Photo: Secretary of Defense Lloyd J. Austin III and Singaporean Defense Minister Ng Eng Hen stand at attention for the playing of both countries national anthems during a bilateral exchange at the Pentagon, Washington D.C., Nov. 3, 2021. Source: DoD photo by Mass Communication Specialist 2nd Class Chris Roys


PacNet #54 – What AUKUS means for Malaysia’s technological future

When the leaders of Australia, the United Kingdom, and the United States announced their new trilateral security partnership, AUKUS, on Sept. 15, Malaysia’s prime minister released a statement expressing concern about its impact on stability in Southeast Asia. Malaysia’s minister of foreign affairs and minister of defense separately issued a statement in support of the prime minister’s position, underscoring the risks of a conventional and nuclear arms race, particularly in the South China Sea.

These statements are worth parsing out. At the outset, however, it is important to note that despite Malaysia’s reservations about AUKUS, the government has continued to welcome deeper relations with all three countries in the pact, bilaterally and through multilateral platforms such as the Five Power Defense Arrangements (FPDA). What’s more, nuclear-powered submarines are only a piece of AUKUS. Of greater significance to Malaysia, and the rest of Southeast Asia, is the longer technological arc of AUKUS, which will reshape the regional strategic landscape.

The nuclear objection

Although uneasiness about AUKUS was downplayed as overhype or strategic naiveté, Putrajaya’s position is an assertion of Malaysia’s long-standing foreign policy. The underpinnings of AUKUS bring to bear Malaysia’s stance on nuclear non-proliferation and disarmament, non-alignment, as well as its management of the South China Sea dispute all at once.

Some may have interpreted Prime Minister Ismail Sabri’s statement that AUKUS could trigger a regional nuclear arms race as misunderstanding the nature of the deal. AUKUS, of course, involves nuclear-powered—rather than nuclear-armed—submarines. However, AUKUS marks the first time a non-nuclear weapon state would receive nuclear-powered submarines and, therefore, this raises uncertainties about proliferation and international legal safeguards. These questions, although distant for now, remain deeply unsettling for Malaysia given its position vis-à-vis the international nuclear non-proliferation and disarmament regimes. For example, Malaysia has tabled a United Nations resolution every year since the 1996 International Court of Justice’s advisory opinion on the Legality of the Threat or Use of Nuclear Weapons. The resolution underscores the ICJ’s call for nuclear disarmament “in all aspects under strict and effective international control.” Since AUKUS exploits a loophole in existing nuclear safeguards regimes, Malaysia believes that there is a risk that this will undermine the disarmament goal.

But even if Malaysia’s nonproliferation concerns with AUKUS may be misplaced, Putrajaya is not alone in fearing that it will trigger a conventional arms race among the major powers in Southeast Asia’s backyard—specifically, in the South China Sea. In looking at AUKUS, Indonesia’s foreign ministry, for instance, voiced “deep concern” over the continuing arms race and power projection in the region. Even Singapore and Vietnam, which are often described in the media as welcoming of AUKUS, gave carefully crafted responses that suggest they are cautious. Both states stress the importance of regional peace, stability, cooperation, and prosperity.

Partners and problems

Despite Malaysia’s apprehension of AUKUS, Putrajaya has continued to welcome closer bilateral and multilateral ties with Washington, London, and Canberra, including in the areas of security and defense. Only a month after AUKUS was announced, Malaysia’s Defense Minister Hishammuddin Hussein affirmed the country’s commitment to the 50-year-old FPDA, the overlap in FPDA and AUKUS partners notwithstanding. As part of the FPDA, Malaysia participated in a 10-day exercise, Bersama Gold 2021, involving 25 fighter jets, six support aircraft, six helicopters, 10 maritime ships, one submarine, and over 2,000 military personnel alongside Australia, New Zealand, Singapore, and the United Kingdom in the international waters of the South China Sea. Malaysia also hosted the FPDA’s anniversary celebration and the FPDA defense minister’s meeting following the exercise.

This proclivity to segment relationships based on issues and interests as well as the desire to preserve an expansive network of ties with competing major powers are a key element of Malaysia’s foreign policy approach. This is true with AUKUS countries, as it is with China. Despite sustained harassment by Chinese vessels around Malaysian waters, the Malaysia-China relationship remains warm and friendly. Putrajaya has sought to sequester its problems with Beijing in the South China Sea from the economic, political, and socio-cultural dimensions in the bilateral relationship. This separation of issues both between and within partnerships is a feature rather than a bug of Malaysia’s foreign relations. It does not, however, always work perfectly.

Technological pathways

Accordingly, to retain geopolitical space for itself in the middle of deepening fissures between the United States and its allies on the one hand and China on the other, Putrajaya will need to intensify its diplomatic engagement with all sides proactively rather than reactively. This will require looking at trends which now appear to coalesce around technology as well as the governance and regulatory frameworks that underpin it. AUKUS underscores this point.

Nuclear submarine technology for Australia is but a “first initiative” under AUKUS. In the pipeline is trilateral collaboration on cyber, artificial intelligence (AI), quantum, and undersea capabilities. While the subtext for these plans may be defense technology competition with China, there are converging opportunities for cooperation between Malaysia and the three AUKUS countries that could empower Putrajaya in shaping the regional tech landscape. The most accessible, benign, and functional entry point for tech cooperation is the digital economy. Much of this is already underway in Malaysia, with ongoing industry partnerships as well as capacity-building and training efforts to improve cyber security and the operationalization of AI in various economic sectors.

There is one practical way Malaysia can carve out strategic agency while helping chart the region’s tech-based future amid rival powers. The government could create either a coordinating ministerial or ambassadorial portfolio specific to the cross-cutting role of technology. This senior official would stitch together the country’s technology interests in trade and economy, national security, and foreign affairs, and register Malaysia’s perspectives on tech’s rules of the road—from ethics and norms to standards and laws—in bilateral, multilateral, and multi-stakeholder discussions. Although the National Cyber Security Agency of Malaysia currently functions as the lead coordinating agency on cyber security matters, a senior official representing the country’s cross-sectoral interests in broader emergent/emerging technologies could help streamline multi-faceted policies at the domestic level. Additionally, a single, senior point of contact could facilitate cooperation with AUKUS countries and others on new and unfolding technologies. In both substance and form, a coordinating minister or ambassador would recognize tech’s reach across agency silos and the importance of a whole-of-government approach in contributing to the evolving governance frameworks of technology.

Several countries outside of Southeast Asia already have representatives in similar roles that reflect the ubiquity of technology transcending a range of agendas in government, industry, and civil society. Malaysia could benefit from that model. A focused and active Malaysia, along with its ASEAN counterparts, offering thought leadership on tech governance would not only design the country’s digital future in a more comprehensive manner but also potentially help the region avoid the pitfalls of US-China decoupling.

Malaysia may not welcome AUKUS. But it should use it to shape rules of the road to ensure that Southeast Asia’s tech and strategic landscape remains inclusive rather than exclusive.

The author would like to thank the Asia Pacific Team from the Defence and Security Foresight Group (DSFG) for their support during the development of this piece. 

Elina Noor (ENoor@asiasociety.org) is Director, Political-Security Affairs and Deputy Director, Washington, D.C. Office at the Asia Society Policy Institute.

US-Japan Cybersecurity Cooperation: Beyond the Tokyo 2020 Olympics

As an anchor of stability in the Indo-Pacific region, the US-Japan alliance faces enormous challenges and opportunities to revisit, review, and reinvigorate existing approaches in cybersecurity cooperation. The two countries face an ever-changing cyber threat environment, especially with the advent of disruptive technologies like artificial intelligence, big data, cloud-computing against the backdrop of deteriorating global Internet consensus.

The US-Japan Virtual Forum on Cybersecurity Cooperation: Beyond the Tokyo Olympics examined the progress, challenges, and prospects for US-Japan cybersecurity cooperation in securing critical national infrastructure (CNI) against the backdrop of the Tokyo 2020 Olympics, the ongoing COVID-19 pandemic, and increasing great power competition. Experts from both countries convened for two days of closed-door sessions and a cybersecurity table-top exercise. Policy recommendations were then shared by select speakers at a public panel. This special report showcases research originating from these discussions that was conducted by select Forum attendees.

Table of Contents

  1. Introduction 
  2. Key Findings from the US-Japan Virtual Forum on Cybersecurity Cooperation: Beyond the Tokyo Olympics 2020
  3. Next Steps for US-Japan Cybersecurity Cooperation After Tokyo 2020 | Mihoko Matsubara
  4. Threats & Trends in Critical National Infrastructure | Gregory Winger, Ph.D.
  5. Strengthening US-Japan Cooperation on Protection of Critical National Infrastructure | Benjamin Bartlett, Ph.D.
  6. Seizing on US-Japan Opportunities for Submarine Cable Security | Justin Sherman
  7. US-Japan Cybersecurity Cooperation | Professor Wilhelm Vosse, Ph.D.
  8. The Cyber AI Nexus: Implications for the US-Japan Cybersecurity Alliance | Mark Bryan Manantan

Click here to download the report.


The Tokyo 2020 Olympics put into sharp focus the increasing significance of cybersecurity to Japan’s national security agenda in recent decades. Ahead of the highly anticipated 2020 Olympics and Paralympic Games, Japan’s National Intelligence Agency warned the government about an expected influx of state-sponsored hackers targeting critical national and digital infrastructure to disrupt or hijack the historic sporting events. The warning is reminiscent of the 2018 Pyeongchang Winter Olympics held in South Korea, where malware nearly delayed the opening ceremony. In 2018, a recorded cyberattack also compromised 300 computer systems, affecting the inter- net and television services managed by the International Olympic Committee.

Amid postponement of the 2020 Olympics due to the global pandemic, Japan has remained focused on mitigating malicious cyberattacks, especially with increasing tensions in the region, including US-China geostrategic and geo-economic rivalry and Russia’s four-year Olympic ban. Japan continues to ramp up its cyber defenses. Amid the limitations of its pacifist constitution, Japan has made leaps in the adoption of a more defense-oriented posture in cybersecurity. Japan is now an emerging cyber power.

Integral to Japan’s overall cybersecurity policy is closer cooperation with the United States. The US-Japan alliance anchors the stability and prosperity of the Indo-Pacific. Enduring regional security therefore relies on the bilateral initiatives undertaken by Tokyo and Washington across all domains, including cyberspace. Although cybersecurity cooperation within the alliance has been robust, the urgency to constantly review, assess, and upgrade facets of cybersecurity engagements — confidence-building measures, and international law and cyber norm promotion — is imperative due to the evolving nature of sophisticated cyberattacks and the disruptive effects of technological advancements.

In light of these recent developments, Pacific Forum hosted a three-day virtual workshop from August 17-19, 2021, titled the US-Japan Cybersecurity Cooperation Virtual Forum: Beyond the Tokyo Olympics. The work- shop examined the progress, challenges, and prospects for US-Japan cybersecurity cooperation in securing critical national infrastructure (CNI) against the backdrop of the Tokyo 2020/2021 Olympics, COVID-19 pandemic, and ongoing great power competition. The workshop gathered over 70 individuals representing government, industry, academia, and civil society from the Indo-Pacific. The first two days were closed-door, while the final day’s proceedings were open to the public. The virtual dialogue featured well-known Japanese and American speakers who tackled key dimensions of cybersecurity cooperation under the US-Japan alliance. In parallel to the virtual discussions, a cybersecurity tabletop exercise was conducted to test and operationalize the concepts and deliberations and formulate actionable and pragmatic policy insights. 

To sustain the virtual dialogue’s relevance and policy impact, Pacific Forum has compiled this special digital publication with select contributions from the panelists. With the increased attention on state-sponsored cyberattacks, the proliferation of ransomware, and the disruptive effects of emerging technologies, the launch of this special issue comes at an auspicious time. Reflecting on the outcomes of the virtual event, the authors in this volume took a step back to locate gaps in the US-Japan alliance’s role in securing cyber stability in the Indo-Pacific region before zooming in on concrete policy recommendations. 

This digital publication begins with the Key Findings report that outlines the salient points of the three-day virtual dialogue, including the deliberations during the cybersecurity tabletop exercise. Reflecting on the aftermath of the Olympics, Mihoko Matsubara’s “Next steps for US-Japan cybersecurity cooperation after Tokyo 2020” offers insights on the lessons learned and best practices that Japan can apply and sustain with its ongoing collaboration with the US and its partners across Asia and Europe. Dr. Gregory Winger’s “Threats and trends in critical national infra- structure” examines the SolarWinds and Colonial pipeline hacks to expose the evolving patterns of malicious behavior on supply chains before calling for a more proactive and persistent type of engagement between the US and Japan. 

Focusing on practical collaborative steps that the US and Japan can undertake in protecting their critical national infrastructure, Dr. Benjamin Bartlett’s contribution probes into how the alliance can address cyber incidents that fall under the level of an armed attack. He explores what coordinated responses Tokyo and Washington should pursue to confront low-level yet persistent threats like cyber espionage in critical national infrastructure. 

Justin Sherman’s “Seizing on US-Japan opportunities for submarine cable security” explores the physical dimension of cybersecurity, scrutinizing the strategic issues underpinning undersea cable networks. Mr. Sherman’s article emphasizes the importance of regulatory func- tions and joint capacity building to safeguard submarine cables, which are the connective tissue of US-Japan cyber intelligence-sharing, and more broadly the global internet infrastructure. 

Looking ahead, Professor Wilhelm Vosse’s piece scans the weaknesses and strengths of Japan’s cybersecurity architecture. Although Japan has made impressive strides in its regional and international cyber diplomacy — capacity building, confidence-building measures, and joint training exercises — it needs to review the fundamental elements of its cyber policy. This will entail narrowing the definition of cyberattacks and exploring the notion of what offensive and defensive cyber capabilities look like for Japan given its pacifist constitution amid rising concerns over China, Russia, and North Korea’s cyber activities. Finally, Mark Bryan Manantan’s “The cyber AI nexus: Implications for the US-Japan cybersecurity alliance” tackles how emerging and dual-use technology like AI is tilting the alliance’s cyber cooperation. Mr. Manantan explores the mutual relationship between cyber and AI from normative and technical perspectives to conduct an in-depth analysis of the opportunities, challenges, and prospects for Tokyo and Washington in the age of technological disruption. 

As geostrategic competition shifts into the geo-economic and geo-technological spheres, cybersecurity will become even more central. It is our hope that the policy recommendations and insights offered by this digital publication will be applied among policymakers to enable deep reflection on the rapidly changing cyber landscape and consequently upgrade the existing dimensions of cyber cooperation. With current US-China relations hitting a cul-de-sac, clandestine and covert operations in the cyber arena will further accelerate — a reality that Tokyo and Washington must confront with both strategic pragmatism and prudence


The completion of this Special Edited Volume would have not been possible without the generous contributions of our featured authors, and the active participation and support from all the speakers, advisors, and participants during the US-Japan Virtual Forum on Cybersecurity Cooperation: Beyond the Tokyo 2020 Olympics. 


Issues & Insights Vol. 21, SR 1 – 21st Century Technologies, Geopolitics, and the US-Japan Alliance: Recognizing Game-changing Potential 

Key Findings

Throughout the month of October 2020, with support from the US Embassy Tokyo, the Pacific Forum cohosted with the Center for Rule-Making Strategies at Tama University, the Keio University Global Research Institute, and the Okinawa Institute of Science and Technology a series of virtual panel discussions on “Game Changing Technologies and the US-Japan Alliance.” Over 280 individuals joined the 10 sessions – 7 closed door and 3 public panels – that examined issues such as artificial intelligence, autonomous vehicles, big data, cybersecurity, drones, quantum computing, robots, and 3-D printing. A conversation of this length and breadth is difficult to summarize, but the following key findings attempt to capture this rich and variegated discussion.

General landscape

Mastery of new and emerging technologies is key to success in 21st century economic competition and global leadership. There is much talk about those technologies’ impact on “the balance of power,” but a fundamental question remains: The power to do what?

Technological prowess is vital not only to national defense and dominance, but also to provide a bulwark against interference by authoritarian governments in domestic and personal affairs.

Democracies are losing their historical influence over technology development, standard-setting, and limiting proliferation relative to the growing capacity of authoritarian competitors, but this can be corrected.

Japan has made national economic statecraft a priority but has considerable work to do to deal with the suite of issues associated with creating and effectively exploiting emerging technologies.

The ubiquity of many of these technologies and government initiatives like China’s Military-Civil Fusion (MCF) erase historical distinctions between military and civilian use. Traditional export controls focus on protecting military and dual-use items. The growing difficulty in distinguishing between military and civilian end-use and end-users makes export controls challenging to apply, and ineffective in practice.

Emerging technologies

Despite growing attention to emerging technologies in the US and Japan and acknowledgement of the need for coordinated action to regulate their use, disparities between the two countries in terms of knowledge about, impact of, and proficiency in these technologies inhibit coordinated action.

Uncertainties inherent in the development of “emerging technologies” make regulation of their use and control of their dissemination difficult, if not impossible. Identifying the appropriate technology to control is also problematic, and there is agreement that “casting the net” too wide will inhibit innovation.

There is an inherent tension between a desire for international collaboration to spur innovation and the perceived need to control access to technologies to preserve economic and security-related advantages, particularly to prevent their diversion by or to other countries.

While there is an instinct in the US to decouple economic exchange from perceived adversaries to prevent technology leakage, connections afford the US and its allies a window into the work of perceived adversaries and prevent surprise – both economic and strategic.

Economic incentives to get new technologies to market as quickly as possible may undermine the readiness of entrepreneurs to build in safety, security, and ethics. The declining cost of new technologies and their increasing availability to the public democratize access to dangerous tools and create a leveling effect among nations.


If data is “the new oil” – and there was little dissent about this – then the norms and regulations regarding its “ownership” and/or use will be vital to success in the 21st century economy. Coordination among governments that facilitate or inhibit sharing of such data is critical.

We are only beginning to understand how data processing outcomes can be influenced by the types of algorithms used. Ostensibly “neutral” algorithms can prejudice decision-making by incorporating subtle but important biases. Even nontechnical policy people should seek to shine light into the algorithm “black box” to understand what assumptions are being made.

The COVID-19 pandemic has accelerated demand for better cybersecurity practices – and made plain the alarming gap in both the capacity and the will to implement those practices. At the same time, the pandemic-triggered recession has forced companies to cut their cybersecurity budgets just as they have increased spending on IT capabilities to account for a surge in remote working arrangements.

Be wary of comparisons of who is “winning” cyber or technology races. Much depends on the metrics used and assumptions about the nature of the competition. The “race” metaphor also obscures the importance of international collaboration and reduces the equation to a zero sum.

Identifying and thinking about cyberspace as a separate military domain on par with air, sea land, or space encourages clarity in relevant decision making – whether civilian, military, government, or private. On the other hand, such a distinction risks obscuring the fact that cyberspace is intrinsic to, and fully permeates, the other domains.

As governments attempt to secure national cyber networks, small- and medium-size businesses continue to struggle to protect themselves from cyberattacks. Their shortage of cybersecurity resources makes them vulnerable to cyberattacks, and both government and industry-driven initiatives have been launched to help these smaller businesses enhance their cybersecurity.

There is a tension between resilience and deterrence in national security planning for cyberspace. While technology is often the focus of security concerns, the human factor must not be overlooked. Trust may be the key concept in developing secure cyber networks.


While there is concern about the role of robots or autonomous weapons on the battlefield and their impact on human control and delivery of intended effects, advocates counter that autonomous weapons can be discriminating and more accurate than humans, creating less collateral damage.

Public sensitivity to (or aversion toward) the application of advanced technologies in the national security space has kept some researchers (many Japanese but also some American) from considering the military applications of their work.

Semiconductors, 3-D Printing, and Supply Chains

Japan is several years behind the world in adopting additive manufacturing practices like 3-D printing. While 3-D printing offers many advantages, problems persist in acquiring the necessary raw materials for printing at scale. Effective utilization of 3-D printing will require more and better education about this technology.

The US has much to learn from Asia about reviving its manufacturing sector and resourcing supply chains.

Given a 60-70% cost differential between manufacturing in the US and China, relocating low-cost production out of China makes little sense in a short-term analysis that relies solely on cost. Yet there are competing and sometimes compelling longer-term factors to consider, such as geopolitical relations, political risk, and the security of supply chains in a crisis. Establishing new supply chains demands close attention to these factors.

For the US, a “National Manufacturing Guard,” modeled after the National Guard, may be one way to ensure the availability of manufacturing capacity in a crisis such as a global pandemic.

Quantum Technology

While impressive progress has been made, the world is a long way from a game-changing quantum computing capability. Small quantum computing capabilities may appear in the next three to five years, but the potential – and the hype – outpaces the technology.

It is too early to tell which quantum technologies will have an impact on national security, and different states are pursuing different lines of effort. Japan, China, and the EU are prioritizing quantum communications, which might improve the security of encrypted communications. The US and a few other countries are focusing on quantumcomputing, which could threaten the security of encrypted communication, as well as provide useful commercial applications.

It is also too early to set broad international standards for quantum technologies. Instead, it may make more sense to focus on limited cooperation among allies or like-minded countries.


Biotechnology proliferation poses new security threats as nefarious actors will be able to access these capabilities soon.

While most of the focus of biotechnology is on medical and health-related products, it is estimated that more than 60% of physical inputs into the global economy can be replaced by biological production.

A shift to biological production can yield profound reductions in energy, water use, and land use, along with substantial cuts in “food miles” (the distance from production to the table).

For new types of food production, economies of scale are not everything: there is room for individual or startup competitiveness. However, supply capacity is a key limiter, particularly with regard to amino acids and water.

While Japan has been developing biotechnologies, gains have been limited by bureaucratic factionalism and stove-piping between government departments.

Areas of Cooperation

Technology can only be successfully managed through whole-of-government and whole-of-society approaches. Policymakers should promote coordinated action between allies, partners and like-minded states, where technology-generated impacts have their most far-reaching effects.

The US-Japan Cooperation Dialogue on the Internet Economy, which included discussions with private-sector representatives, is a best practice for US-Japan cooperation. The exchange of ideas among industry, government, and academia will create an open architecture highlighting the values of transparency, vendor diversity, and standardization, creating market opportunities for US and Japanese vendors and benefitting third countries by improving supply chain security.

The fundamental challenge the US and Japan face in 5G competition is a lack of attractive, alternative options to very cheap technologies offered by China to third countries. An area of focus for the US and Japan in 5G should be R&D collaboration to ensure multi-vendor interoperability on technology challenges. Our countries should also be thinking to develop 6G technology, in particular multilateral and bilateral industry consortiums for standard-setting.

One important lesson from the US-Japan trade and technology competition of the 1980s is that the US exaggerated the “threat” from a highly capable competitor to a point that it almost missed opportunities to work together for mutual benefit. (The allies should not lose sight of opportunities to do so with China.)

The US needs an accurate understanding of government involvement in industrial development.  The vital role that Washington played in creating what came to be known as Silicon Valley is often downplayed to foster a myth of “entrepreneurial independence” and advance ideological positions that are not based on history.

Alignment between the US and Japan on trade, investment, and technology controls is necessary. Otherwise, attempts to address shared security concerns will generate friction between our two countries. One vital step Japan can make is developing more sophisticated procedures to handle classified information, including a security clearance system. As a first step, the US and Japan should update their science and technology agreement signed in 1988.













































5G 競争において米国と日本が直面している根本的な課題は、中国が第三国に提供している非常に安価な技術に代わるような魅力的な選択肢がないことである。5Gにおいて日米が焦点とすべきは、技術課題に対するマルチベンダーの相互運用性を確保するための共同研究開発である。日米はまた、6G技術の開発、特に規格設定のための産業界での多者間及び二者間のコンソーシアムについて考えるべきである。

1980 年代の日米貿易及び技術競争からの重要な教訓の一つは、米国が有力な競争相手からの「脅威」を誇張しすぎて、協力して相互に利益を得るチャンスをほとんど見逃してしまったことである。(米国の同盟国は中国との協力という観点を見失うべきではない。)




Edited by Brad Glosserman, Crystal Pryor, and Riho Aizawa

Japanese translations by Harunari Soeda, Yu Inagaki, and Erika Hongo

Download the full PDF of Issues & Insights Vol. 21, SR 1 – 21st Century Technologies, Geopolitics, and the US-Japan Alliance: Recognizing Game-changing Potential 

PacNet #60 – Industry Cooperation Uplifts Japan’s Cybersecurity—and Maybe the World’s

Cyberattacks have been growing increasingly frequent and sophisticated in recent years. Cybercriminals and cyber spies are taking advantage of the Covid-19 pandemic to launch more attacks, as the new normal has made organizations more reliant on information technology (IT), including cloud tools and web conferences. The attack surface has expanded drastically.

But along with the increased frequency of cyberattacks to disrupt business operations or steal intellectual property and national security secrets, the world also faces an acute shortage of cybersecurity professionals. The (ISC)2 Cybersecurity Workforce Study 2019 revealed the world is short 4.07 million cybersecurity professionals, and 51% of surveyed cybersecurity professionals are concerned as to whether their employer is at “moderate or extreme risk due to cybersecurity staff shortage.” Given this international situation, global supply chain risk management is a must to protect businesses, critical infrastructure, international trade, and national security. Employers need to have people who can incorporate cybersecurity into their business processes and help ensure the robustness of global supply chains.

The 2018 Japanese Cybersecurity Strategy addresses this urgent need to develop cybersecurity talent and create a wide variety of cybersecurity curricula for all ages, from elementary school students to young professionals to senior executives. Japanese industry has accelerated its cybersecurity efforts over the past several years. Still, it is expensive for companies to create cybersecurity training programs, along with curricula, as new cyberattack methods and cybersecurity technologies are always emerging.

Of course, multiple vendors around the world offer cybersecurity training programs, but as of yet there are no standardized international cybersecurity training syllabi. As such, there is a need to create internationally accepted or recognized syllabi to allow global companies to more easily choose cybersecurity training programs for specific skills and help to lower the price of training.

That is why FUJITSU, Hitachi, Ltd., and NEC Corporation, three major Japan-based global information and communication technology (ICT) service providers, declared in December 2017 that they will develop common cybersecurity syllabi together. “Cyber ranges” are popular virtual platforms offering an authentic and real-world IT environment for hands-on training of cybersecurity professionals. Many companies find cyber range training unaffordable because curricula are highly tailored and a few vendors are currently available, but these three Japanese companies believed standardized cybersecurity training could be made more accessible and reasonably priced for everyone. They embarked on a multi-phase process to achieve this goal.

The first step the three companies took was to map what types of cybersecurity professionals they needed, based on the US National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (SP800-181). Because the three companies have a global business presence, they chose the NICE standard as an international common language to more efficiently manage cybersecurity professionals around the world. It took about three months to map which types of cybersecurity professionals need to obtain which types of abilities, knowledge, and skills.

Second, the companies developed cybersecurity curricula for what they identified as the four highest priority cybersecurity professional categories: penetration testers, forensic engineers, incident responders, and security operators. Concluding in October 2018, it took one year to create a prototype for the four categories. Closing the gaps was challenging because each of the three companies was accustomed to different terminologies and had different priorities for their cybersecurity professionals.

Third, the three companies took part in discussions with the Cyber Risk Intelligence Center (CRIC), a non-profit consortium based in Tokyo, to share cybersecurity best practices with the world. Hitachi and NEC, along with Nippon Telegraph and Telephone Corporation (NTT), founded the Cross-Sector Forum in June 2015 to create an ecosystem for educating, hiring, training, and retaining cybersecurity professionals. FUJITSU is one of the 43 Forum members. The Cross-Sector Forum joined the CRIC in April 2017. These three companies believe that the Center is an ideal platform to discuss the development of cybersecurity professionals and standardized cybersecurity training curricula in an open manner with other ICT companies and cybersecurity vendors.

Because these companies collaborated to compare notes about their own cybersecurity training, they’ve been able to gather best practices to nurture cybersecurity professionals more broadly. This journey has allowed the companies to develop standardized cybersecurity training syllabi, and once a volume discount becomes available, more companies will be able to train their employees.

By the end of 2019, NTT, as a member of the CRIC, has twice conducted cybersecurity training workshop trials based on prototype syllabi. These experiments proved the trial curricula would allow companies to conduct training at lower costs. Afterward, the trainees offered feedback on how to revise the syllabi to improve future training sessions.

The Covid-19 pandemic has introduced challenges to cybersecurity training based on the new syllabi. NTT had planned to start modified cybersecurity training workshops based on the feedback shortly after April 2020, the beginning of the Japanese fiscal year. Nevertheless, the Covid-19 outbreak and state of emergency between April and May 2020 prevented NTT from hosting in-person workshops.

Online training is not ideal because instructors need to pay close attention to trainees, observing their reactions and the commands they type on screen. It is also necessary for instructors to adjust the content and speed of training for each student. Despite these challenges the companies, including NTT, plan to make some of the training program available online in fall of 2020 to accommodate wide-spread remote working during the pandemic. To ensure quality results, online training instructors will need to maintain close communication with individual students, interacting to simulate in-person training as closely as possible.

In the meantime, the next step for the CRIC will be the development of cybersecurity syllabi for the 10 remaining professional categories such as security auditor and consultant. Subsequently, they can share the newly added standardized syllabi with its members.

A final step in realizing this vision will be the global expansion of the standardized cybersecurity training syllabi. Because CRIC members necessarily have business operations outside Japan, these companies must strengthen global cybersecurity resilience and conduct cybersecurity training for all employees. NTT has translated the cybersecurity syllabi from Japanese to English. Standardized cybersecurity training curricula becoming internationally available will facilitate the pipeline generation of next-generation cybersecurity engineers.

As Japan is an aging society with a decreasing birthrate, its companies have had to invest more in the global market. Accordingly, the volume of mergers and acquisitions (M&A) of non-Japanese businesses has skyrocketed since 2013. As a result, this rapid M&A growth has made cybersecurity governance more complicated. Cybersecurity expectations and use of cybersecurity-related products and services vary significantly among nations and companies. This makes it challenging to manage and operate cybersecurity across the globe and maintain integrated visibility to tackle cyber risks. The need to standardize is growing nevertheless.

This is why it is crucial to start preparing to widen cybersecurity training syllabi beyond Japan, in both Japanese and English, by inviting non-Japanese companies to join. Fragmented cybersecurity efforts inhibit companies from more-proactively and expediently addressing borderless cyber threats. Additionally, the expansion of syllabi users would bring down the price of training in the long run around the world. Lastly, participation by non-Japanese companies will allow cybersecurity training developers to incorporate both Japanese and global perspectives to make the syllabi truly international and standardized.

Mihoko Matsubara (mihoko.matsubara.er@hco.ntt.co.jp) is Chief Cybersecurity Strategist, NTT Corporation, Tokyo, responsible for cybersecurity thought leadership. She worked at the Japanese Ministry of Defense before her MA at the Johns Hopkins School of Advanced International Studies on Fulbright. She is Adjunct Fellow at the Pacific Forum, Honolulu, and Associate Fellow at the Henry Jackson Society, London.

PacNet commentaries and responses represent the views of the respective authors. Alternative viewpoints are always welcomed and encouraged. Click here to request a PacNet subscription.

Issues & Insights Vol. 20, WP 3 – The role of regional organizations in building cyber resilience: ASEAN and the EU


This paper explores the role of regional organizations in crafting solutions that are able to address both the scale and cross-border nature of cyber threats, as well as the challenges inherent to an anarchical international system. It focuses on the Association of Southeast Asian Nations (ASEAN) and the European Union (EU) and the cybersecurity frameworks they have developed in the last few years. The EU has significantly improved regional cyber resilience and cooperation by setting out ambitious goals, enhancing information sharing and harmonizing practices across its member states. In contrast, ASEAN has a lack of a strong unifying governance or legal framework, which limits the collective capability of the region to capitalize on shared knowledge to prevent and mitigate cyber threats. The paper aims to elaborate on relevant measures that could be implemented in ASEAN based on a comparative analysis with the EU. Despite the stark differences between the two organizations, there is common ground in some areas for the development of policy recommendations aimed at enhancing ASEAN’s cyber resilience, eliminating the need to reinvent the wheel in key policy areas. To this end, this paper analyzes the two organizations’ cybersecurity frameworks in line with the four pillars of cyber capacity building identified by the European Institute for Security Studies (EUISS) and adjusted to a regional context: overarching regional strategy, institutional framework for cyber threat prevention and response, harmonization of cybercrime and data privacy legislation, and cyber awareness and hygiene.

PacNet #13 – Keep an eye on North Korean cyber-crime as the Covid-19 spreads

The Covid-19 outbreak continues to cause tumult in the global economy, with countries like South Korea and Italy reporting a rapid increase in diagnoses and many companies requesting that employees work from home to keep the virus from spreading.

In North Korea’s case, it has had its Chinese borders closed for over a month, long before the rest of the world began to react to the virus. Even if it were, as its state media claims, coronavirus-free, how long could their economy sustain total global isolation? By sealing their border with their largest economic partner, North Korea has effectively placed itself at the mercy of UN sanctions.

Kim Jong-un knows that his country cannot last like this for very long, and with so much of his power stemming from the support of Pyongyang’s elite, we must prepare ourselves for their reaction. Learning from the DPRK’s past behavior, national security leaders should be less concerned about military action and focus their attention on shoring up their cyber defenses.

Jonathan Corrado, policy director for the Korea Society, noted in a recent article the extreme lengths North Korea has gone to prevent the spread of coronavirus in the country. These border closures, although necessary to reduce the chance of viral contagion, will have a lasting impact on their already minuscule economy.

Even prior to the closures, UN Security Council sanctions already heavily impacted North Korean exports. Yet, despite the cuts to the DPRK’s exports, World Bank data indicates that North Korea’s GDP has been slowly rising since 2015. This financial discrepancy can be explained primarily through North Korea’s burgeoning international crime economy.

According to the 2017 Global Initiative against Transnational Organized Crime’s 30-page report entitled Diplomats and Deceit: North Korea’s Criminal Activities in Africa, North Korean diplomats travel “regularly to Pyongyang and Beijing in China with diplomatic bags filled with contraband.” These members of diplomatic missions to countries on the African content would smuggle illegal items such as diamonds, gold, and ivory back to the DPRK and China, where they sell for exorbitant prices.

In 2016, Angolan leaders had been meeting with North Korean liaisons to collaborate on national security projects. This collaboration did not come as a surprise—Angola has long been militarily linked to North Korea. A 2015 Washington Times article identified a number of UN sanctions that Angola had violated by engaging in business with the DPRK. Angola was found to be purchasing military training, weapons, and over 4.5 tons of ship engines and parts, to service the naval boats they had purchased from Pyongyang in 2011. North Korean arms are also believed to be regularly supplied to Ethiopia, where they have been providing and manufacturing weapons since the mid-80s.

North Korea has not limited its illegal activities to Africa. DPRK embassies have long been (correctly) accused of facilitating the international trade of crystal meth, taking advantage of the high premiums their products can garner and abusing diplomatic channels to smuggle the drug into foreign countries.

However, thanks to Covid-19, protecting the elites of Pyongyang has become such a priority that the state has sent all Chinese diplomats back to China, while simultaneously suspending all flights, trains, and travel with the outside world. The shutdown means North Korea will no longer be able to rely on its diplomats returning from trips abroad to produce the much-needed cash for the economy.

To ensure that their country can continue to function while they weather the global crisis, North Korea may very likely double down on cybercrime. While smuggling and other forms of illicit trading require the physical moving of goods and/or services, cybercrime can be committed from anywhere, even a sealed North Korea.

North Korea has already proven itself adept at infiltrating computer systems around the world. Bureau 121, an elite cyber warfare agency in North Korea, has been named the leading suspect for many famous cyber-attacks, including the Sony hack in 2014, the SWIFT banking hack in 2015, and the Bangladesh Bank Robbery in 2016. All together, these operations are estimated to have cost over $100 million in stolen funds, and billions of dollars in cybersecurity damages.

The most alarming of North Korea’s alleged cyberattacks is the 2017 WannaCry ransomware attack. This ransomware—which locked 200,000 devices in a single day and demanded ransom payments in bitcoin—caused severe disruptions among businesses around the globe. But WannaCry did not just target private corporations. The attack also infected the National Health Service (NHS) in England and Scotland, causing NHS services to divert ambulances and turn away patients.

Fortunately, May 2017 was not a time of global health panic. However, as the Covid-19 continues to spread, the DPRK’s vice minister of public health declared that the Chinese border will remain shut indefinitely until a cure is completely ready. We must prepare ourselves for attempts to disrupt healthcare systems. An economically strangled North Korea has much to gain from global disruptions, and we must brace ourselves and develop our cyber defenses accordingly.

Todd Wiesel (tjw2144@columbia.edu) is a student at Columbia University completing his bachelor’s in Political Science and East Asian Studies. He is also an MBA candidate at London Metropolitan University, where his research focuses on the impact and effects of corporate social responsibility on capital markets. He previously earned a master’s degree in Innovation, Leadership and Business Management from Oxademy Business School, and is a former Kim Koo Fellow at the Korea Society, focusing his research on the inter-Korean negotiation process. Before enrolling in Columbia, he worked as the managing director of The Negotiation Institute. Prior to his tenure at TNI he served as an urban warfare and counter-terror specialist in the Israel Defense Forces.

PacNet commentaries and responses represent the views of the respective authors. Alternative viewpoints are always welcomed and encouraged. Click here to request a PacNet subscription.