Overseeing an Active Cyber Defense System is a Heavy Responsibility; Core Infrastructure Eyed for Protection


The government’s design for an “active cyber defense” system, which is aimed at preventing serious cyberattacks, is now in the final stages of preparation before the submission of related bills to the ordinary Diet session this year.

At the end of November, a panel of experts compiled its recommendations for an active cyber defense system. Kenichiro Sasae, a former ambassador to the United States who chaired the panel, commented: “We have produced a good report. The next step, which includes the drafting of bills, is extremely important for gaining the understanding of the public.”

The main feature of an active cyber defense system is that it enables government agencies to acquire and analyze communications data. To ensure compatibility with the Constitution, which guarantees the “secrecy of communications,” the government is considering three main types of monitoring.

Firstly, regarding communications sent from one foreign country to another that pass through Japan, the degree of protection provided by the Constitution is weak. It is thought that, if there is a security-related need, it will be possible to acquire the information without the consent of users. Because Japan is a major hub in Asia for undersea cables, which handle 90% of international traffic for electronic communications, it is expected that information on cyberattacks by countries such as China and Russia can be obtained.

For communications from overseas to Japan, those directed to providers of the 15 types of core infrastructure — including electricity, railways, aviation and finance — the government will collect transmitted information after obtaining prior consent from them. This is because of the major disruption to society and the economy that cyberattacks affecting core infrastructure would cause. With prior consent, it is possible to ensure consistency with the Constitution.

Japan Airlines Co. and MUFG Bank, which were hit by separate cyberattacks last month, are considered core infrastructure providers under the active cyber defense system. A senior government official expressed hope that, if an active cyber defense system were to be realized, the government and private sectors would be able to share information about attacks immediately.

Initially, the government was considering monitoring two types of communications: those between foreign countries via Japan and those from foreign countries to core infrastructure providers in Japan. However, if the scope of monitoring is too narrow, the dilemma arises that it will not be possible to prevent as many attacks. It was thought among a panel of experts that “in order to detect transmissions sent from computers infected with malware within Japan, communications from Japan to foreign countries should also be monitored.” In their recommendations, the experts called for all necessary monitoring to be carried out to prevent damage from cyberattacks caused by communications between foreign countries and Japan.

Considering this, the government is working to acquire and analyze communications data that travels between foreign countries and Japan in case the communications have been sent from malicious servers used in past attacks, with the prior approval of an independent organization.

The independent organization, which would be a third-party entity, may be key to ensuring the fairness and legitimacy of an active cyber defense system.

Its establishment as an external organ of the Cabinet Office based on the Cabinet Office Establishment Law is being considered, in the same vein as the Japan Fair Trade Commission and National Public Safety Commission. Its members will be made up of experts in constitutional law, international law, and telecommunications networks.

Government officials have stated that they will not monitor the “essential content of communications,” such as the content of emails, when acquiring and analyzing communications data. The independent organization will oversee the entire system, including ensuring that the processing, storage, disposal and sharing of acquired communications data is being conducted appropriately.

Under the active cyber defense system, when signs of a major cyberattack are found during the acquisition and analysis of communications data, the police and the Self-Defense Forces will infiltrate the server at the attack’s source and neutralize it as necessary. In this situation, too, the independent organization will play an important role.

If the government waits until a warrant is obtained from the courts after an incident has occurred before taking measures, it may allow the damage to spread. For this reason, the government plans to amend the Police Duties Execution Law to provide a legal basis for infiltration and neutralization in response to a situation without delay and have the police and the Self-Defense Forces take the lead in implementing these measures.

At this stage, a proposal that the independent organization should in principle approve those measures in advance is gaining traction.

Regarding the revision of the Police Duties Execution Law, which is the basis for police questioning, some experts have voiced concerns that “it would be strange for the police to be able to decide on measures to deal with cyberattacks on their own, as if it were routine police questioning.”

The government has decided to take an organized approach to the implementation of measures, such as having the National Police Agency Commissioner General take charge in cooperation with the National Security Secretariat. It also plans to have the independent organization carry out preliminary checks, in order to allay concerns.

Political Pulse appears every Saturday.


Shuhei Kuromi

Shuhei Kuromi is a deputy editor in the Political News Department of The Yomiuri Shimbun.