
2020.09.06

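Analysis of Japan's Security Policy by an Overseas Think Tank - ETH Zurich - Center for Security Studies -

Hello, this is Mitsuhiko Maruyama.

A report on Japan's cybersecurity policy and related matters by ETH Zurich - Center for Security Studies - has been getting attention... There is a certain amount of information published in English, but perhaps little of it has covered the overall picture. And that is not just an English-language problem, is it... which is why it has become a topic of discussion among Japanese people as well (^^)

ETH Zurich - Center for Security Studies -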

・2020.09.04 

・CYBERDEFENSE REPORT Japan’s National Cybersecurity and Defense Posture Policy and Organization [PDF] [downloaded]


The aim of this study by Stefan Soesanto is to provide the reader with a better understanding of the evolution of Japan's cybersecurity and defense policy since the year 2000. In addition to the policy areas in which the Japanese government is active in protecting cyberspace, the report explains the security-related events that have triggered the need for government involvement.


This is the figure. There may be some inaccuracies in it, but if so, one could make an accurate figure...

Structure 


Table of Contents

1 Introduction

2 Policy Areas
2.1 Cybersecurity
2.2 Cybercrime
2.3 Cyber terror (サイバーテロ)
2.4 Cyber diplomacy
2.5 Cyber defense

3 Evolution (trigger events)
3.1 Cyber terror
3.2 Cyber-espionage
3.3 Cybercrime

4 Relevant policy documents
4.1 Key policy documents
 4.1.1 2000 Basic Act
 4.1.2 2000 Special Action Plan
 4.1.3 1st National Strategy
 4.1.4 2nd National Strategy
 4.1.5 Information Security Strategy
4.2 National Cybersecurity Strategy
 4.2.1 1st Cybersecurity Strategy
 4.2.2 Basic Act on Cybersecurity
 4.2.3 2nd Cybersecurity Strategy
 4.2.4 3rd Cybersecurity Strategy
4.3 National Cyber Defense Strategy
 4.3.1 Japan-US Defense Guidelines
 4.3.2 Nat. Defense Program Guidelines
 4.3.3 Mid-Term Defense Program

5 Organizational Structures
5.1 The Cabinet
5.2 The Cabinet Secretariat
5.3 Ministry of Defense
5.4 US-Japan Cyber Defense Cooperation
5.5 National Public Safety Commission
5.6 Ministry of Economy, Trade, and Industry
5.7 Ministry of Internal Affairs and Communications
5.8 Cyber Attack Analysis Council
5.9 Ministry of Justice
5.10 Ministry of Foreign Affairs

6 Conclusion

7 Abbreviations

8 Bibliography


 

 

1 Introduction

The goal of this study is to provide the reader with a deeper understanding of the evolutionary path Japan’s national cybersecurity and cyber defense posture has taken since the year 2000. To do so, the study explains trigger events, major policy documents, and outlines the current organizational government structure. Please note that this study is non-exhaustive, meaning, there are numerous sectoral developments, specialized regulations, and smaller governmental organizations that this study does not specifically touch upon.

Following this introduction, section two contextualizes the cyber-relevant policy areas that the Japanese government is currently working on. Section three expands on this by explaining the trigger events that have spurred the necessity for government involvement. Section four analyzes the main policy documents that have been and are still shaping Japan’s behavior and thinking pertaining to cyberspace. And section five takes a deep dive into the organizational structure by outlining and connecting more than 45 Japanese government and government-affiliated organizations that make up the nation’s cybersecurity and defense posture (ministries, agencies, councils, units etc.).

Please note that this study only looks at organizations and instruments the Japanese government is involved in. It does not comprehensively touch upon the evolution and dynamics within the private sector in Japan.

 

6 Conclusion

As this study has hopefully shown, Japan’s national cybersecurity and defense posture is both highly fragmented horizontally and deeply centralized vertically. In theory, the current set-up should create the necessary pressures for government agencies and ministries to cooperate interdependently while innovating separately.28

In practice, the lack of open source information available as to how far and deep ministries actually cooperate – bilaterally, through the NISC, and within the Cybersecurity Strategic HQ – makes it difficult to evaluate success or failure from the outside looking in (as, for instance, in the case of assessing the prevalence of intelligence silos).

By contrast, the individual innovation of government agencies and ministries is clearly visible through the creation of new units, councils, and avenues to engage the private sector and other non-governmental actors.

As far as visible, there are little to no duplication efforts among ministries and agencies. Instead they seem to naturally seek cooperation in areas where they overlap and individually invent new research items and structures in line with their mission profile. In this regard, the Ministry of Foreign Affairs stands somewhat apart from all the rest. MOFA has not shown the same innovative spirit as the other ministries. Instead, MOFA’s cyber security policy division, the cyber ambassador, and the IAS seem to follow the general trajectory of the international community – particularly on norms and rules for state behavior online – while taking tentative steps to lead capacity-building efforts in the ASEAN region. The criticism here is not so much that MOFA is sluggish, but that the ministry has so much more potential to develop its own policies in-house rather than primarily replicate and attach itself to Western approaches. If MOFA is willing and able to experiment with its own bold cyber policy ideas in the not so distant future, it has the potential to promulgate a distinct Japanese style of cyber diplomacy.

The Ministry of Defense is already on this trajectory, with barriers falling on the offensive end and an alignment with US operational thinking in cyberspace becoming a distinct possibility (ex. persistent engagement and defending forward). Depending on how far and wide Japanese law enforcement is willing and legally able to push the envelope in its fight against cybercrime, some of the capabilities procured by the MoD could also be utilized to disrupt cybercriminal infrastructure abroad – thus emulating Australia’s interpretation of international law and principle of due diligence during the COVID-19 crisis.29 Overall, one can conclude that the Japanese government has learned very early on that standing stationary in cyberspace is not a viable option.

Innovation and experimentation are key to progress, cooperation is key to strength, and preparing for the unexpected is key to evolving.

 

28 METI’s cooperative innovation approach stands apart from the other ministries.

29 See: Australian Ministry of Defense 2020.

 
