Japanasserts Its Commitment to National Cybersecurity Preparedness

The Japanese government has taken significant steps to bolster its cyber-response capabilities, passing legislation aimed at catching up with US national cybersecurity standards. The amended legislation, referred to as the Active Cyber Defense Bill, enables the Japanese government to take more proactive measures to prevent cyberattacks before they can cause widespread damage.

Background on the Active Cyber Defense Bill

The bill was first introduced in December after former US Director of National Intelligence Dennis C. Blair strongly criticized Japan’s cybersecurity efforts in October 2022. Blair’s warning was a wake-up call for the Japanese government, which responded by releasing a new National Security Strategy with improved goals for cybersecurity response capabilities. The Active Cyber Defense Bill is a key component of this strategy, introducing new measures to eliminate the possibility of serious cyberattacks that may cause national security concerns.

Key Provisions of the Active Cyber Defense Bill

The bill has two main components. The first half deals with the more passive changes Japan will implement in its national cyber posture. These provisions include:

• Establishing a cybersecurity council and a committee overseeing information gathering and analysis
• Requiring critical infrastructure providers to report cybersecurity incidents
• Granting the prime minister’s office new power to collect certain relevant information through telecommunications providers
• Laying out restrictions on how the government can use collected data and what sensitive information must be filtered out

The second half of the bill introduces more active measures to ensure Japan’s cyber defense. These measures include:

• Granting the military new powers to actively protect both its systems and certain systems associated with the US military presence in its borders
• Hiring new "cyber harm prevention officers" who will proactively address major cyber threats by shutting down enemy servers during an incident
• Allowing these officers to act even without explicit approval from relevant oversight bodies in high-pressure situations

Expert Analysis

Bugcrowd founder Casey Ellis notes that the introduction of "vigilante hacking" capabilities is a controversial but necessary measure in specific, controlled scenarios. This represents a shift toward a more proactive stance, which is overdue given the evolving threat landscape.

Context and Background

The Japanese government’s efforts to strengthen its cybersecurity capabilities come after a warning from Japan’s national police that Chinese state-backed threat actor MirrorFace has been committing widespread cyber espionage since 2019 in an effort to steal Japan’s national security secrets. The country is also grappling with a mix of state-sponsored attacks, particularly from neighboring nations, and criminal activity targeting its advanced industrial base.

In conclusion, the Japanese government’s passing of the Active Cyber Defense Bill marks a significant step forward in its efforts to enhance its national cybersecurity preparedness. By introducing new measures to prevent cyberattacks and take proactive action against cyber threats, Japan is seeking to close the gap with its allies in North America and Europe.