Mitsubishi Heavy Industries, Japan’s biggest weapons maker, kept a cyber attack on its computer network quiet from the defense ministry, potentially putting it in breach of contracts to supply billions of dollars of equipment to the military.
Under the terms of an agreement the government imposes on all contractors, companies are obliged to inform it promptly of any breach of sensitive or classified information. An angry Japanese Ministry of Defense yesterday demanded the company carry out a full probe.
“It’s up to the defense ministry to decide whether or not the information is important. That is not for Mitsubishi Heavy to decide. A report should have been made,” a spokesman for the ministry said.
Officials only learned of the attack from local press reports on Monday.
A second military contractor, IHI Corp, which supplies engine parts for fighter planes, said its employees had been subject to a growing number of suspicious e-mails which it had informed the police about.
A spokesman did not elaborate on the nature of the e-mails. The Nikkei Shimbun had said earlier the company had also been the victim of a cyber attack.
Mitsubishi Heavy, which has built the US-designed F-15 fighter jet and missile systems, including Patriot batteries, under licence, said on Monday that computer systems had been accessed in August and some network information, such as IP addresses, may have been leaked.
Should Mitsubishi’s probe reveal the loss of sensitive data, the defense ministry could impose penalties on its main domestic arms supplier, a business that accounts for a substantial chunk of Mitsubishi Heavy’s revenues.
“The company is still assessing the damage, so the impact is still unknown at this point, but because defense is so important to the company’s business, this is bad news,” said Mitsushige Akino, chief fund manager at Ichiyoshi Investment Management Co.
Mitsubishi Heavy won ￥260 billion (US$3.4 billion) in deals from the defense ministry in the year to March, or nearly a quarter of the ministry’s spending that year.
Besides surface-to-air Patriot missiles, the weapons included and AIM-7 Sparrow air-to-air missiles.
Japanese Minister of Defense Yasuo Ichikawa said he had so far received no reports of classified information having been looted in the online assault. He did not say what information was at risk.
An investigation by a computer security company revealed connections were made to 14 overseas sites, including at least 20 servers in China, Hong Kong, the US and India, the Yomiuri Shimbun reported earlier, citing unidentified sources.