An Active Cyber Defense Framework Could One Day Protect Japan
2:03 p.m. JST, September 13, 2022
Japan’s cyber defense is said to be vulnerable, so the government is considering the introduction of an active cyber defense framework, sources say.
ACD continuously patrols and monitors cyberspace to quickly identify and respond to suspicious communications and behavior that could pose security threats. The United States and the United Kingdom are among the countries that have adopted the framework as part of their approach to cyber defense.
The framework is an attempt to bolster the nation’s defense against cyberattacks on critical infrastructure such as telecommunications and the power grid, the government sources said.
The government is making arrangements to include the capability in the National Security Strategy which will be reviewed by the end of the year.
The main pillar of the framework is to give the government the power to regularly access systems and networks and to analyze suspicious communications. The ability to take countermeasures to neutralize attacker data is also being discussed as an option.
Cyberattacks can cause massive damage to infrastructure in a short period of time and lead to disruption in society. Currently, the government can only gather information and take action after damage has been done. There have been many calls within government and the Liberal Democratic Party for the introduction of ACD.
Under the current law on the prohibition of unauthorized computer access, except for criminal investigations, access to a third party’s system or network is illegal, even for the purpose of detecting cyberattacks or to identify their sources. The creation of malicious software to neutralize an attacker is also prohibited by the Penal Code.
The Constitution’s guarantee against violation of the “secrecy of any means of communication” has been interpreted as also applying to the Internet. To introduce the ACD, the government intends from next year to carefully develop the necessary legal system while taking into consideration people’s rights.
The government envisions ACD being jointly managed by the National Cyber Security Incident Preparedness and Strategy Center and the Self-Defense Forces Cyber Defense Command. The government also intends to increase the NISC and the FDS command, which currently numbers around 500 people.
Prior to the Russian invasion of Ukraine that began in February, cyberattacks were launched against Ukrainian government agencies and telecommunications companies. Thus, nations are working to develop cyber defense countermeasures.