The Japanese government has recently taken significant steps to enhance its cybersecurity preparedness by passing new legislation known as the Active Cyber Defense Bill. This legislation allows the government to proactively prevent cyberattacks and strengthen its cyber-response capabilities to align with US national cybersecurity standards.
The passage of this law comes in response to a warning from Japan’s national police about cyber espionage activities conducted by the Chinese state-backed threat actor known as MirrorFace. These activities have targeted Japan’s national security secrets since 2019, prompting the government to take bold actions to protect its critical infrastructure and defense industry.
The push for improved cybersecurity measures in Japan dates back to April 2022 when former US Director of National Intelligence Dennis C. Blair criticized the country’s cybersecurity efforts as inadequate compared to its allies in North America and Europe. This criticism, now known as “Blair Shock,” led to the establishment of new positions and agencies to enhance Japan’s cyber-readiness capabilities.
Prime Minister Fumio Kishida’s administration responded to Blair’s critique by releasing a new National Security Strategy with goals to improve cybersecurity response capabilities. This strategy introduced the concept of “active” cyber defense, emphasizing early identification and prevention of cyber threats to safeguard national security.
The Active Cyber Defense Bill outlines both passive and active measures to strengthen Japan’s cyber defense posture. It establishes a cybersecurity council, requires critical infrastructure providers to report incidents, and grants new powers to the military and law enforcement to actively protect against cyber threats.
Overall, Japan’s move towards legalizing active cyber defense reflects its commitment to addressing the evolving cyber threat landscape and ensuring national security in the face of increasing cyberattacks.
