Govt Eyes Monitoring International Communications; ‘Active Cyber Defense’ to Focus on Infrastructure Firms

The Yomiuri Shimbun

1:00 JST, July 10, 2024

The government plans to acquire and monitor information on certain communications from foreign countries to Japan as part of its plans for active cyber defense to prevent cyber-attacks, it has been learned.

There is a proposal that only communications to critical infrastructure providers, such as electricity companies, would be subject to this plan, and that the prior consent of the companies would be obtained.

The government is also considering obtaining information on communications that pass through Japan between foreign countries with loose restrictions.

In active cyber defense, the government analyzes communications information during normal times to detect potential attacks and, if necessary, reaches into the attacker’s server or other systems to render them harmless. It is envisioned to help prevent cyberattacks on critical infrastructure such as power stations and railroads, which would have a tremendous impact on society if their functions were to be disrupted.

In the introduction of the plan, the focus is on compatibility with the secrecy of communications guaranteed by the Constitution.

The government can avoid violating the secrecy of communications by obtaining prior consent. It will carefully consider how to handle communications within Japan, based on discussions by the ruling parties and a panel of experts chaired by Kenichiro Sasae, a former Japanese ambassador to the United States.

In principle, the government is unlikely to acquire the texts of emails and other substantial contents. The information it will obtain will probably be limited to IP addresses, the volume of communications and other details called metadata. An independent third-party organization is likely to monitor the government to prevent the abuse of rights.

Regarding foreign-to-foreign communications, the government believes that the degree to which the Constitution secures the secrecy of communications can be considered weaker, and that the acquisition of information without consent is possible as long as it is done for purposes of public welfare, such as national security.

Japan is a major hub in Asia for submarine cable networks, which account for 90% of international communications, and it is expected that Japan will be able to acquire information on cyber-attacks originating in China, Russia and other countries.

Public-private partnership discussed

On Monday in Tokyo, the government heard opinions from three economic organizations — the Japan Business Federation (Keidanren), the Japan Association of Corporate Executives and the Japan Chamber of Commerce and Industry — at the second meeting of an expert panel on the implementation of active cyber defense. It confirmed the need to greatly strengthen cooperation between the public and private sectors.

Digital Transformation Minister Taro Kono said at the meeting, “We would like to discuss how to protect our nation’s economy and society from cyber-attacks while protecting the rights and interests of citizens.”

A number of participants called for a new framework for the public and private sectors to share information with each other to effectively deal with cyber-attacks.

The government is considering establishing a command post organization by reorganizing the National Center of Incident Readiness and Strategy for Cyber Security (NISC). It is also considering the establishment of a new consultative body that will comprise the command post organization plus critical infrastructure providers, including electric power and telecommunications companies.

The government intends to compile a plan referring to the opinions of the expert panel and submit related bills to the extraordinary session of the Diet in autumn.