The United States, Japan and the Philippines will reportedly join forces in cyber security defense with a strategic cyber threat sharing agreement in the wake of growing attacks by China, North Korea and Russia.
The initiative will be launched during high-level trilateral talks between U.S. President Joe Biden, Japanese Prime Minister Fumio Kishida and Philippine President Ferdinand Marcos Jr. at a trilateral summit in Washington this week, according to the English-language version of the Nihon Keizai Shimbun. The cyber alliance comes on the heels of Volt Typhoon, a group of cyber attackers linked to the Chinese military, targeting critical infrastructure networks in the Philippines and US territories in the region.
Over the past three months, the number of attempted cyberattacks against national government agencies in the Philippines has increased 20% week-over-week, according to Trend Micro data shared with Dark Reading.
“Traditional U.S. allies in Asia — Japan, Taiwan, the Philippines — are of great interest to China-aligned attackers,” says Robert McArdle, director of forward-thinking threat research at the cybersecurity firm. “There has recently been an increase in tensions in the region, as well as major political events, including presidential elections, in which China maintains interest.”
The cybersecurity concerns come as geopolitical tensions have intensified in the region. China has expanded its military presence, particularly with its claims over large sections of the South China Sea, to farther afield 1,000 km from its mainland and invade the territory of the Philippines. The military buildup has been matched by an increase in cyberattacks by Chinese state-sponsored actors, such as Mustang Panda, which compromised a government agency in the Philippines last year. Widespread Volt Typhoon attacks have claim critical infrastructure networks in the Philippines, the United States, the United Kingdom and Australia.
Philippines at risk
The South China Sea dispute comes at a time when the Philippines has seen significant growth in technology development and business sectors, as well as increased urbanization and Internet access, says Myla Pilao, director of technical marketing at Trend Micro, who works at the company headquarters in Manila. office.
“This growth path, [however]also presents challenges including service reliability, workforce skills shortages, and data/privacy management issues [that] making the Philippine ecosystem a more vulnerable target,” he says.
With greater dependence on the Internet and technology, cyber threats increase. Last May, Microsoft warned that Volt Typhoonan APT (Advanced Persistent Threat) group linked to the Chinese army had infiltrated critical infrastructure networks, perhaps to preposition cyber operations teams in foreign networks before the outbreak of hostilities.
Typhoon Volt poses a major threat to the region’s critical infrastructure, raising the priority of information sharing, says Lisa J. Young, APAC Intelligence Office analyst at the Financial Services Information Sharing and Analysis Center (FS-ISAC).
“This trilateral agreement specifically denounces cyber threats aimed at critical infrastructure,” he says. “As the nature of warfare evolves, tactics increasingly incorporate an online element through cyberattacks and mis- [or]disinformation campaigns, with an increasingly fragmented range of actors. Governments are working to adapt by incorporating both defensive and offensive cyber capabilities.”
US “Hunt Forward” initiative.
The cyber deal with the Philippines is not a new strategy: the United States and Japan already began trilateral talks with South Korea in July and August, when the three governments agreed to consult on regional threats and share data on manipulation of foreign information. Japan and South Korea also joined NATO’s Cooperative Cyber Defense Center of Excellence (CCDCOE) in 2018 and 2022 respectively, where allies regularly share information on cyber threats.
The trilateral agreements with South Korea and the Philippines are aligned with a part of the US strategy known as “Hunt Forward,” in which US Cyber Command deploys military cybersecurity specialists to allies to hunt down cyber assets harmful. So far, more than two dozen allies have done so hosted the Hunt Forward teamsand their deployment will likely increase tensions, said Jason Bartlett, a research associate in the Atlantic Council’s Energy, Economics, and Security for a New American Security group. in an August analysis.
“Incorporating ‘Hunt Forward’ operations into U.S. cyber strategy with allies in the Indo-Pacific will most likely agitate already sensitive ties between Southeast Asia and China, but the United States needs to increase its cyber presence in the region due to their constant exposure to illicit cyber activity,” Bartlett said. “Numerous state-sponsored hackers, mostly from North Korea, have operated for years in Southeast Asia and other Indo-Pacific regions with little punitive response from local and national governments.”
The trilateral agreement addresses both cybercrime – particularly from North Korea – and nationwide cyberattacks from China, Russia and North Korea, and aims to isolate bad actors in China, says FS-ISAC’s Young .
“This joint framework between the United States, Japan and the Philippines is a step toward strengthening cyber defenses, mitigating potential attacks, and strengthening supply chains to reduce dependence on China,” he says. “Information sharing between the public and private sectors remains the best way to ensure the collective protection of critical infrastructure sectors against the evolving threat landscape.”