Photo/IllutrationFrom left, Foreign Minister Taro Kono, Defense Minister Takeshi Iwaya, U.S. Secretary of State Mike Pompeo and Patrick Shanahan, acting defense secretary, converse after their joint news conference in Washington, D.C., on April 19 (AP Photo)

WASHINGTON--Japan and the United States agreed April 19 that a concerted cyber-attack on Japan could be considered an armed attack covered by their security treaty.

Foreign Minister Taro Kono and Defense Minister Takeshi Iwaya met here with U.S. Secretary of State Mike Pompeo and Patrick Shanahan, the acting defense secretary, in a session of the Japan-U.S. Joint Security Consultative Committee.

In a joint statement issued afterward, the two sides agreed that "a cyber-attack could, in certain circumstances, constitute an armed attack for the purposes of Article 5 of the Japan-U.S. Security Treaty."

Article 5 states that an armed attack on Japan or U.S. troops based in Japan would warrant a common response by the two nations.

The statement touched upon the importance of further cooperation to deal with threats in areas such as space, cyberspace and the electromagnetic spectrum.

While acknowledging for the first time that cyber-attacks would also be covered by the security treaty, the joint statement recognized that pinpointing whether such action was being waged by a hostile nation or a disgruntled individual was not always easy to ascertain.

The statement said any decision on whether a cyber-attack constituted an armed attack "would be made on a case-by-case basis, and through close consultations."

Takahisa Kawaguchi, a senior researcher at Tokio Marine & Nichido Risk Consulting Co., said, "In order for Japan and the United States to respond to an attack jointly, there will be a need to identify the attacker, but because it would be difficult to make an immediate identification, a political decision would likely be required in the end."

Kawaguchi said further discussions were needed to determine what level of damage would constitute an armed attack in calling for an improved ability to identify cyber-attackers.

Cyber-attacks could range from hacking of personal and business computers to more serious attacks on important social infrastructure, such as electric power companies and financial institutions.

Experts also said it would be difficult to differentiate whether a cyber-attack was a form of counterintelligence to find weaknesses in computer security systems or a more dangerous act designed to render a computer network inoperable.

(This article was written by Ryo Kiyomiya and Koji Sonoda.)