Attacks on Japan’s Core Infrastructure Highlight Need for Active Cyber Defense System; LDP Official says Party Aiming to Implement New System Soon

The Yomiuri Shimbun
The Japan Airlines counters are seen crowded with people due to delays caused by a cyberattack, at Haneda Airport on Thursday.

Japan Airlines Co. and MUFG Bank Ltd., which were both hit by cyberattacks on Thursday, are considered core infrastructure providers under the active cyber defense system, which the government aims to implement soon.

Liberal Democratic Party Policy Research Council Chairperson Itsunori Onodera said while considering the implementation of the new system, the attacks were “exactly the kind of incidents that we assumed would happen.”

Onodera said the LDP would work to ensure bills to establish the active cyber defense system would be passed as soon as possible, as it was “very important for the safety and security of the people.”

The active cyber defense system significantly strengthens measures in three areas: public-private sector cooperation; use of transmitted information; and intrusion and neutralization.

In public-private cooperation, the government and core infrastructure providers will share information on a regular basis, such as about the latest attack methods. It will also be mandatory for providers to promptly report to the government if they are attacked.

In addition to the aviation and finance sectors, 15 industries, including electricity, water and railways, are designated as core infrastructure providers because a suspension of their functions would greatly impact people’s lives.

If the active cyber defense system were to be realized, “the government and the private sector will work together, so an attack — like the most recent ones — can be handled more quickly,” a senior government official said.

In the envisioned system, a government body would obtain transmitted information and analyze it for possible threats, and if any signs of a cyberattack are detected, police or the Self-Defense Forces would be allowed to enter the attacker’s server and neutralize the threat. The system would drastically boost Japan’s cyber defense capability, making it equal to that of the West.

To detect signs of an attack, the government needs to obtain transmitted information. However, at present, such information cannot be provided based on the “secrecy of any means of communication” stipulated in the Constitution. To ensure the stipulation is not violated, the government plans to have an independent body oversee the system.

The government and ruling parties are working together to submit bills to form a new body and monitor communications, as well as draft revisions of the Police Duties Execution Law and the SDF law, to the ordinary Diet session to be convened in January.