The Japanese government recently made significant strides in enhancing its cybersecurity efforts, with the passing of new legislation aimed at strengthening the country’s cyber-response capabilities. This move comes in response to growing threats from state-sponsored cyberattacks and cyber espionage activities targeting Japan’s national security secrets.
The newly approved legislation, known as the Active Cyber Defense Bill, grants the Japanese government the authority to take more aggressive measures to prevent cyberattacks before they can inflict widespread damage. The bill, which was delayed in 2024 but ultimately received approval from the country’s leading Liberal Democratic Party and the Cabinet, marks a significant step towards aligning Japan’s cybersecurity standards with those of its allies in North America and Europe.
According to reports, Chinese state-backed threat actors, particularly the MirrorFace group, have been actively engaging in cyber espionage activities targeting Japan since 2019. These activities have raised concerns about the country’s vulnerability to cyber threats, including ransomware attacks, supply chain compromises, and IP espionage.
In response to these growing challenges, the Japanese government has been working towards improving its cybersecurity posture. The initiative to enhance Japan’s cyber-readiness efforts can be traced back to April 2022, when former US Director of National Intelligence Dennis C. Blair criticized the country’s cybersecurity capabilities. Blair’s assessment, known as the “Blair Shock,” highlighted the need for Japan to establish new cybersecurity positions and agencies to bolster its defenses.
Following Blair’s recommendations, then-Prime Minister Fumio Kishida’s administration released a new National Security Strategy with a focus on enhancing cybersecurity response capabilities. The strategy introduced the concept of “active” cyber defense, aimed at preemptively identifying and neutralizing potential cyber threats to prevent serious national security concerns.
The newly passed legislation introduces both passive and active measures to enhance Japan’s cyber defense capabilities. The passive changes include the establishment of a cybersecurity council, information gathering committees, and mandatory reporting of cybersecurity incidents by critical infrastructure providers. The active measures empower the military to protect its systems and collaborate with US military systems within Japan’s borders. Additionally, law enforcement will be recruiting cyber harm prevention officers to proactively address major cyber threats.
While the idea of “vigilante hacking” by prevention officers may be controversial, experts believe it represents a necessary shift towards a more proactive cybersecurity stance. With cyber threats evolving rapidly, Japan’s move towards legalizing active cyber defense is seen as a crucial step in safeguarding the country’s critical infrastructure and national security interests.
In conclusion, Japan’s commitment to enhancing its cybersecurity preparedness reflects its recognition of the urgent need to address the growing cyber threats facing the country. By implementing proactive measures and aligning its cybersecurity standards with global allies, Japan aims to strengthen its cyber defense capabilities and mitigate the risks posed by sophisticated cyber adversaries.