Cyber Defense: System to Protect Infrastructure Must Be Developed

There is no end to the cyber-attacks targeting not only government organizations but also infrastructure such as electric power and telecommunications facilities. The legal system should be reviewed to prevent serious damage.

Discussions on how to improve response capabilities against cyber-attacks have begun among a government panel of experts.

The panel will consider introducing an active cyber defense system in which the government monitors telecommunications networks during peace time to detect signs of a cyber-attack. If the system determines that there is a threat, it will disable the attacker’s cyber-attack capabilities.

Japan has so far taken a defensive stance against cyber-attacks, based on the policy of exclusively defense. However, if measures are only taken after damage is noticed, the lives and livelihood of the people could be severely affected.

Last year, the loading and unloading of containers at the Port of Nagoya temporarily came to a complete halt due to a cyber-attack on the port’s computer system. Last month, East Japan Railway Co. experienced a failure of the computer system related to prepaid IC ticket cards. This is also believed to have been caused by a cyber-attack.

In recent years, cyber-attacks on Japan’s defense industry have also become more frequent. If confidential information on defense equipment is leaked, Japan will certainly not be able to strengthen its defense capabilities. Japan would lose the trust of its allies and friendly countries, and security cooperation with other nations would be hampered.

An increasing number of major Western countries have introduced active cyber defense systems to enhance deterrence against cyber-attacks.

It is difficult, however, for Japan to introduce such a defense measure under the current circumstances.

In order to detect and understand the signs of cyber-attacks, the government must get records of suspicious communications from service providers. However, service providers cannot, in principle, hand over communication records, based on the “secrecy of any means of communication” stipulated in the Constitution.

In addition, the Law on Prohibition of Unauthorized Computer Access bans access to a computer system without the user’s consent.

That does not mean, however, that risks can be left unchecked. There is an urgent need to revise the law in light of the existing threat.

From the perspective of “public welfare” as stipulated in the Constitution, it is worth considering putting certain limits on the secrecy of communications and allowing the private sector to provide information if there is a danger that a cyber-attack could infringe on the lives or property of citizens.

The National Police Agency established the Cyber Affairs Bureau two years ago as an investigative body against attacks on infrastructure. The Self-Defense Forces are also enhancing the Cyber Defense Command. It would be desirable to divide their roles in advance, deciding whether the police or the SDF should respond to an attack depending on its scale.

There is a shortage of personnel in the government to deal with cyber affairs. The recruitment of highly skilled civilians for a certain level of remuneration must also be considered.

(From The Yomiuri Shimbun, June 9, 2024)