Japan’s New Cyber Security Strategy

Uploaded on 2021-08-10 in GOVERNMENT-National, FREE TO VIEW

Japan has recently issued the outline for its ‘Next Cyber Strategy’ which is likely to be approved by Cabinet in September 2021. Importantly, this is the first time that Japan has mentioned any country that is posing threat to Japan’s national security - that country is China.

The strategy is intended to run for three years and has been prepared in the backdrop of increasing cyber attacks from China and deteriorating relations with that country on the issue of Taiwan

Japan has also gradually integrated cyber security into boosting its relations in the ASEAN region, offering platforms for collaboration with individual Southeast Asian countries as well as the United States through additional coordination. Japan’s relations with Russia are also deteriorating and Japan perceives that Russia was also responsible for cyber attacks on Japan’s critical infrastructures.

The new national strategy has been formalised after soliciting public comment and states that China is believed to be conducting cyber attacks to steal information from firms linked to the military and others with advanced technologies, while Russia is suspected of carrying them out with military and political purposes.The strategy has been finalised by the special task force on cybersecurity strategies headed by Chief Cabinet Secretary, Katsunobu Kato. He had instructed the members to “enhance defence, deterrence and assessment capabilities and strengthen cooperation among relevant bodies to protect security interests.” 

Realising that cyberspace has become a foundation of social and economic activity, it commits to establish a Digital Agency with the aim of achieving “people-friendly digitalisation, with no-one left behind.” In the external environment, it observes the growing interstate competition in the spheres of politics, economy, military affairs, and technology causing geopolitical tensions, even during normal times. 

The outline states that circumstances surrounding cyberspace have taken on an appearance that is neither peacetime nor wartime. On the nature of threats, it observes that there are increasing threats of organised and sophisticated cyber attacks, including those suspected of being state-sponsored, with the aim of service disruption of critical infrastructure, theft of personal information and intellectual property, and interference with democratic processes. It also observes that China, Russia and North Korea are building their cyber capabilities of their military and other institutions.

In 2014, Japan established the national Cybersecurity Strategic Headquarters reporting to the Cabinet for the purpose of effectively and comprehensively promoting cybersecurity policies. The Cybersecurity Strategic Headquarters is headed by the Chief Cabinet Secretary and comprises his deputy who is the Minister-in-charge of Cybersecurity, and other senior government Minister. This body closely coordinates with the National Security Council of Japan reflecting importance given to the cybersecurity in overall national strategy.

A year later in 2015, the National Centre of Incident Readiness and Strategy for Cybersecurity (NISC) was created by upgrading the National Information Security Centre, which was established in 2005. The NISC serves as the secretariat of the Cybersecurity Strategy Headquarters, working together with the public and private sectors on a variety of activities to create a “free, fair and secure cyberspace”. It functions as the focal point in coordinating intra-government collaboration and promoting partnerships between industry, academia, and public and private sectors. .

The Japanese strategy considers cyber security as value creation enabler for socio-economic vitality and sustained development as also an essential aspect for national security. 

  • It stresses on development of secured IoT system, protection of critical infrastructure through public -private partnership, creation of new effective information sharing and collaboration framework, enhancing security measures for national government, encouraging cyber security at academia and research institutes, and enhancing readiness for massive cyber-attack crisis and importantly taking proactive measures for cyber defence and combating cyber crime.
  • Japan places considerable importance to building a trustworthiness in value chains and decides to take appropriate steps in this direction. It states: “security products and services provided in the market must be trustworthy.” Japan emphasises the use of indigenous services and equipment. It plans to make inexpensive, effective, and accessible security services and simple insurance products widely available for SMEs.
  • Japan places greater emphasis on public awareness programme. It plans to advance “DX with Cybersecurity” (DX is a strategy of enabling business innovation predicated on the incorporation of digital technologies into your operational process, products, solutions, and customer interactions) as a society-wide effort to provide “Plus Security” knowledge to various human resources who may not necessarily have expertise or work experience related to IT or security, including management and executives, and ensure smooth collaboration with security experts both inside and outside the organization.
  • Data protection is an important priority: The personal information of the people and information concerning intellectual property, which is a source of international competitiveness, are important assets that the national government must protect. The vulnerabilities for data hosted on cloud has been focused and Japan commits to make people aware about it.
  • Japan commits to strengthen its defence capabilities by securing the nation’s resilience through enhanced capabilities of the Self Defence Forces and other government institutions. Japan also plans to enhance capabilities to detect, investigate, identify the attackers and deter. 
  • It commits support for ‘Free, Fair and Secure Cyberspace’, for strengthening capabilities of defence, deterrence and situational awareness and international cooperation and collaboration and would promote the rule of law in cyberspace. Japan along with others is pushing for strict international law for the governance of the cyberspace.

This strategy calls for enhancing deterrence through the Japan-US alliance by holding joint exercises of the Japanese Self-Defense Forces, US forces.ASEAN partners.

For economic security, this strategy focuses securing the safety of key infrastructure for overseas communications, including submarine communication cables, and creating safety and credibility standards for information technology devices.The strategy reflects the current perception of cyber threats and its ambition to develop a strong deterrent capability against its adversaries. The strategy also indicates growing confidence in dealing with its neighbours.

The Chinese Foreign Ministry has severely criticised Japan for the new cyber security strategy and spokesman  blamed Japan for “groundless slander” against China and Russia on cybersecurity.  He further stated that Japan bad relations with all its neighbours.

While Japan alone may not be able to counter Chinese cyber attacks, in coordination with US and others it can achieve the strategic equilibrium in cyberspace.  In this respect, it can play an important role in countering the forces that are creating instability in that region.   

Intelligence Online:        Bangkok Post:      Times of India:     IFRI:        Image:Unsplash

You Might Also Read:

IISS: Cyber Capabilities & National Power Rankings:

 

« Endpoint Security Is More Important Than Ever
New CSPM Report Highlights The Perceived Security Gap For Cloud Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CGI Group

CGI Group

CGI is a leading IT and business process services provider. Services include IT consulting, Systems Integration, Application Development, Infrastructure, Business Processes, Digital IP.

AdNovum Informatik

AdNovum Informatik

AdNovum Informatik provides a full set of IT services, ranging from consulting, the conception and implementation of customized business and security solutions to maintenance and support.

ISC2

ISC2

ISC2 is an international, non-profit membership association for information security leaders. Our information security certifications are recognized as the global standard for excellence.

Cyber Security & Information Systems Information Analysis Center (CSIAC)

Cyber Security & Information Systems Information Analysis Center (CSIAC)

CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

Global EPIC

Global EPIC

Global EPIC is an international cybersecurity initiative designed to combat growing world challenges by facilitating global collaboration in the field of cyber security.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

Hold Security

Hold Security

Hold Security works with companies of all sizes to provide unparalleled Threat Intelligence services that actually make a difference.

Content+Cloud

Content+Cloud

Content+Cloud is a leading technology services business and Managed Services Provider (MSP) with a genuine passion for helping your organisation to succeed, whatever your ambitions.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

vpnMentor

vpnMentor

We started vpnMentor to offer users a really honest, committed and helpful tool when navigating VPNs and web privacy.

Backblaze

Backblaze

The Backblaze Storage Cloud provides a foundation for businesses, developers, IT professionals, and individuals to build applications, host content, manage media, back up and archive data, and more.

Reco AI

Reco AI

Reco is an identity-centric SaaS security solution that empowers organizations with full visibility into every app, identity, and their actions to control risk in their SaaS ecosystem.

SpectrumWise

SpectrumWise

SpectrumWise is a business technology specialist that provides Managed Services and Managed Security for small and medium IT Networks.