1. Introduction
On September 10, the Liberal Democratic Party (LDP) submitted its proposal for the Government of Japan to establish a system of “active cyber defense” (Nōdō-teki saibā bōgyo). The proposal states that the government should be able to collect and analyze communications metadata being handled by domestic private telecom providers in order to effectively detect signs of cyberattacks and to take pre-emptive measures to thwart the threat of potential attacks.
These recommendations were submitted to Prime Minister Fumio KISHIDA by former Minister of Defense Itsunori ONODERA, who is currently serving as Chairman of the LDP’s Security Research Commission. ONODERA also emphasized the need for implementation of active cyber defense to ensure Japan’s national security and highlighted the urgency in submitting relevant legislation to the National Diet this autumn.
At the same time, the LDP’s proposal acknowledged that use of data collected through any prospective “active cyber defense” system must be kept to the minimum necessary in order that the system be compatible with “secrecy of communications” guarantees stipulated in Article 21 of the Japanese Constitution.
2. A Primer on Japan’s Prospective “Active Cyber Defense” System
“Active cyber defense” refers to the government’s use of communications data to monitor cyber threats and involves the penetration of servers used for cyber-attacks in order to prevent the threat from being realized in the first place or, if a serious cyberattack does occur, to mitigate the damage spread to critical infrastructure.
Communication data collected under Japan’s prospective system is intended to include ancillary information (metadata), such as the date and time of communications and internet protocol (IP) addresses, and to exclude more detailed communication data (e.g. email contents).
A notable target for the system’s monitoring is expected to be “communications involving foreign countries”, particularly when Japan is acting as a node for communications from one foreign country to another (“transit communications”).
3. Toward “Active Cyber Defense”
The Japanese government’s increased awareness of the need to bolster its cyber defense capabilities follows Russia’s large-scale cyber-attacks on Ukraine in February 2022 and comes amid malware attacks on U.S. critical infrastructure this year suspected to have been carried out by Chinese hackers.
Tokyo aims to develop cyber defense capabilities that will be on par with those possessed by Western countries, where public-private sector cooperation is the norm and major infrastructure companies are obliged to report cyber-attacks to the government.
The critical juncture for Tokyo’s realization was the April 2022 “Blair Shock”, when former U.S. Director of National Intelligence Dennis C. Blair informed Tokyo that Japan’s cyber security preparedness had not caught up with that of its U.S. ally.
Blair made three main recommendations:
1. Appoint a Japanese counterpart for the White House’s National Cyber Director Harry Coker.
2. Establish an organizational counterpart equivalent to the U.S.’ National Security Agency (NSA), Cyber Command and Five Eyes.
3. Reorganize Japan’s National Information Security Center (NISC) to be a cooperative partner for the U.S. Joint Cyber Defense Collaborative (JCDC).
December 2022’s National Security Strategy of Japan consequently committed to strengthening “the foundations of information security and cyber security so that Japan and the U.S. can fully employ their capabilities”, to introducing “active cyber defense”, and to restructuring the NISC to “comprehensively coordinate policies in the field of cybersecurity, in a centralized manner”.
It would be two years later, in June and July 2024, that Japan’s panel of experts would fully consider how the government could implement active cyber defense.
4. Key Findings of the Expert Panel on Japan’s Cyber Defense
Four core recommendations issued by the expert panel for the successful establishment of Japan’s prospective active cyber defense system are:
1. Strengthening of Public-Private Cooperation:
● Government promotion of two-way information sharing.
● Establishment of a security clearance system for centralized information-sharing by relevant agencies.
● Increased information-sharing interoperability with like-minded nations.
2. Use of Communication Data:
● Data analysis to understand the actual situation of bot networks and other attack methods (e.g. hijacked communication devices).
● Use of information, under certain conditions, to analyze the effectiveness of Japan’s countermeasures against serious cyber-attacks.
● Establishment of a detailed legal framework and a corresponding technical system.
3. Access and Neutralization:
● Legal regulation referencing Japan’s extant Police Duties Execution Act which allows for immediate implementation of measures to prevent and suppress crimes (Article 5).
● Development of a comprehensive system capable of seamlessly protecting Japan on a real-time basis that is linked to Japan’s extant law enforcement system.
● Enhancement of the neutralization capabilities possessed by the Japan Ministry of Defense, Japan Self-Defense Forces and police forces etc.
4. Other Cross-cutting Issues:
● Clarification of the responsibilities of NISC and other ministries and agencies.
● Introduction of technology to monitor and control unauthorized activity in government agency systems.
● Security measure support, including hardware, for small and medium-sized enterprises, especially those integrated into core infrastructure supply chains.
Finally, the report notes the importance for Tokyo to strengthen cooperation with other major developed countries in these four critical areas to improve Japan’s cyber defense capabilities.
5. Conclusion: Future Prospects
There are two outstanding issues remaining in the run-up to the LDP’s planned autumn submission of legislation to the National Diet for the facilitation of a Japanese “active cyber defense” system.
The first is the legal framework. As noted by the expert panel, the Japanese government needs to examine what kind of consent from communication users is sufficient so that use of data for cyber defense purposes can be considered compatible with the Constitution’s “secrecy of communication” guarantees.
The second is the matter of technical issues. According to former intelligence officer Kyozō YOKOYAMA, it is not yet clear whether Japan has acquired the IP traceback technology necessary for tracing the source of a message, an effective method for neutralizing a cyber-attack.
Nevertheless, Tokyo is making steady progress in shaping international cyber security norms and technological practices in preparation for Japan’s active cyber defense system. Most notably, just this August Japan’s NISC instituted, in cooperation with the cyber security agencies of the U.S., Australia and other developed countries, best practices for event logging and threat detection to mitigate the threat of cyber-attacks.
In conclusion, like Japan’s rule-making in the field of economic security, which has proved to be more advanced than that of many other countries, we could see in the future “active cyber defense” practices spreading to other countries in a “Tokyo effect”.
This article was originally posted on NSBT Japan, the first defense and security industry network in Japan. The publication provides the latest information on security business trends both within Japan and overseas. Asian Military Review began exchanging articles with NSBT Japan in April 2024.