news

Singapore’s military reforms highlight need to strengthen Japan’s cyberdefenses

Singapore has launched a new military service to enhance its defenses against an evolving spectrum of security threats in the digital domain — something that experts say Japan could learn from, even if it is unlikely to follow such a model anytime soon.

First announced in March, the city-state’s Digital and Intelligence Service (DIS) — a fourth military branch alongside the army, air force and navy — was formally inaugurated Friday in a ceremony presided over by President Halimah Yacob.

The new military branch consolidates the Singapore Armed Forces’ cyber and command, control, communications, computers and intelligence units set up in recent years under a unified structure to enable the SAF to better train and fight as an integrated networked force while defending the country’s critical infrastructure.

It will focus its efforts on attracting and developing both military and nonuniformed experts to increase the SAF’s digital workforce.

Yacob noted a growing number of attacks on other countries “not through traditional armed conflicts, but through the digital realm,” while also highlighting their far-reaching repercussions.

“The impact of these digital attacks is real and can result in disruption of essential services, data theft and even local elections,” she said.

Speaking to Parliament in early March about the need for the new branch, Defense Minister Ng Eng Hen said the number of threats in the digital domain is expected to continue to grow “in scale, sophistication and organization.”

Ng stressed that the digital arena “has become as real as the land, air and sea domains,” and that threats emanating in the digital world can readily impact the real world.

“That divide between virtual and physical, in security terms, is a false one, as the two are in fact intricately interwoven,” he said.

Ng also pointed out that the DIS, which will also be responsible for the electronic protection of military networks and systems, “should not and cannot be” staffed like the army, air force and navy.

The nature of the digital domain and the threats there, he said, require different skill sets and mindsets, which is why the type of soldiers recruited for this service, their training and the force structure will be different.

Although information technology and communications will play a big role for the DIS, it will also require members with specializations in diverse areas such as data science, psychology, linguistics, anthropology and geography, Ng added.

The developments in Singapore come as Japan shifts toward a more robust posture in cyberspace, as neighboring countries such as China, Russia and North Korea are developing increasingly sophisticated cyberattack capabilities.

At the same time, the reforms serve as a reminder that Tokyo needs to keep up the pace of enhancing cybersecurity, said Mariko Togashi, a Japan security expert at the International Institute for Strategic Studies in London.

“There is an urgent need to upgrade these capabilities, and Japan also has a responsibility to do so for its partners and allies, as international cooperation is critical to deter attackers.”

Tokyo recently announced plans to “fundamentally strengthen” the Self-Defense Forces’ capabilities in this domain and launched a new cyberdefense command in March tasked with protecting the SDF’s information and communication networks. In addition, the Defense Ministry is requesting more than ¥75 billion ($506 million) — over twice the ¥34.2 billion allocated for the current fiscal year, which runs through March — in its budget proposal for the coming fiscal year.

The ministry also reportedly plans to boost its cyberdefense personnel to around 890 in fiscal 2022, and further to between 4,000 and 5,000 by fiscal 2027. The new personnel plan will be part of the review of three official documents, including the National Security Strategy, set to be revised by the end of this year.

Still, there are concerns about how Japan’s defensive cyberpolicy — limited by constitutional constraints — can deter serious attacks, particularly given that the country’s private sector has been slow to upgrade its cyberdefenses, with small and midsize companies lagging behind especially.

So, what lessons could Tokyo draw?

Malcolm Davis, a military expert at the Australian Strategic Policy Institute, said Singapore’s move mirrors steps taken by other states to establish dedicated organizations to tackle threats in the new operational domains of space and cyberspace and across the electromagnetic spectrum as part of a “multidomain operations” concept for future warfare.

Davis said that these domains are as important as the traditional air, sea and land arenas, and Japan needs to consider how these new domains are interlinked and related to traditional forces, so that it can explore the best organizational approach to dealing with related challenges.

“Attacks in cyberspace can occur via threats to satellites in orbit, and be coordinated with strategic electronic warfare attacks across the electromagnetic spectrum, or against critical information infrastructure,” he said. “This could erode the ability of Japan to command and control its air, sea and land forces.”

Mihoko Matsubara, chief cybersecurity strategist at telecom giant NTT, said the SDF is well aware of the importance of working with critical infrastructure companies on cyberdefense, particularly given its reliance on critical services such as electricity.

In joint cyberexercises in recent years, such as one the SDF and Defense Ministry joined with NATO’s Cooperative Cyber Defence Center of Excellence, the U.S., and the U.K., “the Japanese have invited critical infrastructure companies, unlike their American or British counterparts,” Matsubara said.

“The joint participation in NATO’s Locked Shields exercise is a right step forward to check points of contact and communication methods in times of crisis,” she added. “These types of joint cyberexercises with the industry are needed more.”

However, this doesn’t mean that Tokyo will follow Singapore’s model of creating a fourth military branch for cyberdefense.

“Given Singapore’s small size, it is easier to make reforms and innovate, but larger states with more unwieldy bureaucracies may struggle to follow suit,” said James D.J. Brown, an associate professor of political science at Temple University Japan
“Were Japan to follow Singapore’s lead, a huge amount of bureaucratic resources would be needed to set up and staff this stand-alone service,” he added. “In the short-term, this could distract from, and not strengthen, efforts to tackle cyberthreats.”

A key difference is that while the SDF cooperates with some critical infrastructure services, it does not have the responsibility and capability to comprehensively identify threats to civilian infrastructure, prepare defenses against them and respond to incidents.

Nevertheless, Davis argues that Japan should be open to new organizational structures, including dedicated commands for cyberspace and space operations, following the lead of other states such as Singapore, or the United States and its Space Force.

“In the future,” he said, “it will be vital for Japan to be able to identify threats in cyberspace that could emerge through multiple domains, and with attacks happening without warning instantaneously.”