TOKYO (Reuters) – The United States on Wednesday expressed concern about recent cyber attacks on defense contractors in Japan, which build U.S.-designed missiles, warships and military aircraft, calling for the attacks to be taken seriously.
Experts speculated that the cyber assaults announced this week, the first on Japan's defense industry, may have included the Stuxnet computer virus which has been described as a guided cyber missile which targets industrial control systems.
"Cyber security must be a public-sector priority," U.S. embassy spokeswoman Karen Kelley said.
One industry source said Washington has been pressuring Japan to step up security against cyber assaults.
The attacks on Japan's top defense contractor Mitsubishi Heavy Industries, which builds F-15 fighter jets, Patriot missiles and nuclear reactor parts, and on other contractors, may have come from a nation state, some experts said.
Mitsubishi Heavy is also involved in the development of a ship-launched surface-to-air missile designed for the U.S. ballistic missile shield and is therefore privy to highly-sensitive weapons technology.
Similar attacks earlier this year, which included one on the U.S. defense industry, were said to have originated in China. Chinese authorities denied having anything to do with those or the latest ones reported in Japan.
Japan's defense industry, supplied by a slew of small and medium-size firms with key technologies, is seen as particularly vulnerable to cyber attacks.
"Many of these small firms could have been hacked in the past, without anyone noticing," Kobe University Professor Masakatsu Morii said.
Computers at Mitsubishi Heavy, Japan's biggest weapons maker, were subject to an online assault in August. The company,
which supplies over 20 percent of Japan's defense equipment, said that some network information, such as IP addresses, may have leaked.
An outside contractor is now checking to see if any sensitive data had been breached.
"I believe this is probably the first example of a Stuxnet attack in Japan," said Yoshiyasu Takefuji, a cyber-security expert at Keio University.
Mitsubishi Heavy said that it has so far found eight viruses, none of which were Stuxnet.
The Stuxnet computer worm, which some suspect was created by the United States and Israel, targets industrial control systems sold by Siemens and used widely in infrastructure including nuclear power generators, chemical factories, water distribution systems and pharmaceutical plants.
Mitsubishi Heavy delayed reporting the breach to the defense ministry, which may have been a violation of its military supply contracts.
A second Japanese military contractor, IHI Corp, which builds engine parts for fighter planes, said its employees had been subject to a growing number of suspicious e-mails which it had informed the police about.
Kawasaki Heavy Industries, a maker of airplanes, helicopters and rocket systems, has also been receiving virus-tainted e-mails, the company confirmed on Tuesday.
(Reporting by Tim Kelly, James Topham, Isabelle Reynolds and Mayumi Negishi; Editing by Michael Watson and Jonathan Thatcher)