JAPAN SDF SENSITIVE DATA PROTECTION asahi.com:Editorial/ SDF sensitive data leak?-?ENGLISH: "It is indispensable that firm, clear rules for protecting information be established and implemented. With these words, the 2004 Council on Security and Defense Capabilities Report stressed the importance of information security. However, it has now been learned that the Defense Agency, supposedly the main guardian of such controls, has not lived up to its responsibility.

A large volume of defense secrets and other sensitive information about the Maritime Self-Defense Force was leaked over the Internet from a personal computer belonging to a chief petty officer stationed on a destroyer at the MSDF base at Sasebo, Nagasaki Prefecture.

Among the leaks, equivalent in volume to more than 1,000 pages of paper, were navy vessel call signs, combat exercise schedules and the table of contents for a list of secret codes. The names and addresses of the crew members of certain naval ships were also leaked.

Defense Agency sensitive information is classified in three levels of security: 'top secret,' 'secret' and 'confidential.'

The call signs, classified under the third-highest level of 'confidential,' must all be changed because of the leak. And anyone with access to the combat exercise schedules could deduce some of the SDF's proposed operation scenarios.

There are also concerns that the personal data on SDF troops could be used inappropriately.

The fact that no data at the highest levels of 'top secret' or 'secret' was leaked does not excuse this shocking situation.

Even though the officer responsible for the leak was cleared to handle data labeled 'secret,' the potential risks of accessibility are great.

The officer's home computer contained the Winny peer-to-peer file-sharing program. When he loaded copies of MSDF data files on his home computer to work on, the information was apparently leaked through a malware program that had infected his computer, likely via the Winny program.

Taking home restricted MSDF information is not allowed under Defense Agency regulations, but clearly that rule is not being strictly enforced.

In a similar incident last November, also connected with the Defense Agency, patient information was leaked from the home computer of a medical officer at the SDF central hospital. In that case, too, the Winny program was loaded on the computer and the officer had taken confidential data home to work on.

The agency, taking the Sasebo base incident seriously, has launched an emergency investigation of all members of the Ground, Maritime and Air branches of the SDF.

It seems to us that such a move is rather like closing the barn door after the cows have escaped. The agency should have ensured that its information management systems were secure and kept its members well informed of the regulations.

The ability to collect, analyze and guard information is the foundation of our national defense. The agency must waste no time in clearly establishing what data were leaked and how this leak happened. It must meticulously track the impact of this leak in the outside world.

Information leaks over the Internet are a frequent headache for government offices and private companies. Just last Friday, in fact, it was revealed that data including the personal information on 149 people connected with a public auction overseen by the Tokyo District Court was leaked via a court secretary's home computer.

Once information is posted on the Internet, it can be forwarded or copied indefinitely, literally existing forever in cyberspace.

If a computer containing critical data is stolen or infected with a virus, that machine could very well perpetrate irreparable damage to an organization's security.

While the Internet has ushered in an era of easy and convenient information exchanges, it has also opened up a gaping abyss of security concerns.

--The Asahi Shimbun, Feb. 26(IHT/Asahi: February 27,2006)