As the United States and Japan seek to develop the capacity for collective operations in cyberspace, the overarching theme should be creating practical, functional forces, processes, and institutions. A stated goal of the policy should be to establish capabilities that are robust enough to address high-end threats, yet nimble enough to address normal, low-end, peacetime threats.
No measure for addressing cyber threats will be useful unless it can be utilized reliably in a time of need. The key will be sustained gaming, drilling, exercising, and training—each employed to address various scenarios. To these ends, both sides bring sharable capabilities to bear. The United States could help Japan train its existing cyber operators, and since they are reportedly so few, even by regional standards, help develop new ones. Japan could, at a minimum, share cost burdens, and likely assist in the development of tools and processes for defensive missions. It will require discipline, but there should be a cyber component to every military exercise (save perhaps for search and rescue and humanitarian assistance and disaster relief scenarios). These efforts should also extend well beyond the defense establishment—cyber exercises and training should be fixtures in civil cooperation as well.
The capabilities should ultimately be multidimensional. Though a pillar of traditional defense planning, the concept of the “lesser included threat” in cyberspace is fuzzy. For example, from a purely defensive standpoint, good systems and processes might stop sophisticated and crude threats alike. But the tools and people organizations use to defend against advanced persistent threats are not necessarily applicable or optimized to address distributed denial of service attacks or supply chain threats. The networking lexicon provides a more useful analogy: scalability. Forces, processes, and institutions should be created with this concept—the ability to grow or shrink to meet demand—in mind. This calls for a variety of specialized organizations or components that can assume leadership of other “utility players” to meet diverse threats.
Leveraging this model effectively across national borders, particularly to meet high-end threats, will require resolving some difficult questions. How practical are truly collective operations in the cyber domain during wartime? Are current limitations structural, political, technical, or rooted in something else? In the case of technical barriers in particular, how might this assessment change by 2020 or 2030? In a range of different scenarios, to what extent is a joint command structure for cyber operations desirable or necessary? If joint command is not feasible, can notional divisions of labor be sketched out, agreed to in advance, and included in operational plans?
With the U.S.-Japan Cyber Dialogue and the new Cyber Defense Policy Working Group, the policy-track mechanisms for such discussions already exist, and should focus their efforts on these conceptually and politically challenging issues. This will require the forums to push technical and tactical issues down to subordinate offices, working groups, or units. Ongoing negotiations between the U.S. and South Korea about wartime operational control illustrate just how complex and sensitive matters of command can be. That there is no precedent for this sort of cooperation in the cyber domain will complicate matters further, highlighting the need for proactive deliberations.
The United States and Japan are making important and significant strides on cyber, but disruptions could arise from either side. For Washington’s part, the requisite leadership attention is in place, but distractions—particularly recent budget crises and their corollary travel freezes—could constrain progress. Also, an overcautious view of what information is sharable could gut the benefits of cooperation. For Tokyo’s part, managing the sequencing of policy changes, and the messaging surrounding those changes, will be the challenge of the day. Japan appears sensitive to the issue. Recent reports indicate that the government will delay discussions of collective defense until next year, so as not to distract from important but less controversial policy proposals such as the creation of a national security council.
Most importantly, both sides need to commit to the principle of progress. Oddly, the person with arguably the greatest potential to slow cooperation in cyberspace is not in Washington or Tokyo, Moscow or Beijing. It is the Governor of Okinawa, who perhaps as early as this December will decide whether to approve plans for the realignment of forces in Okinawa. This is the greatest foreseeable determinant of the trajectory of U.S.-Japan defense cooperation in 2014. If the result is another delay, Futenma is likely to remain the most pressing issue on the agenda. One need only compare the joint statement of the 2011 Security Consultative Committee (“2+2”), which included promising language on cyber, to the 2012 version, where cyber was never mentioned, to understand just how all-consuming Futenma can be for the alliance. But regardless of the outcome of force realignment issues—and for that matter, broader collective defense debates—Washington and Tokyo must commit to preserve bandwidth so that cyber cooperation can proceed.
The views expressed here are personal and do not necessarily reflect those of the Maureen and Mike Mansfield Foundation, nor any other institution with which the author is affiliated.