Japan to Give Self Defense Forces New Duty of Active Cyber Defense; Protect Against Cyber-Attacks Even in Peacetime

Yomiuri Shimbun file photo
The main gate of the Defense Ministry is seen in Shinjuku Ward, Tokyo.

The government is arranging to have “active cyber defense” established as a new duty of the Self-Defense Forces as part of efforts to prevent major cyber-attacks from occurring, The Yomiuri Shimbun has learned.

According to government sources, the government is considering giving the SDF the authority to infiltrate an attacker’s server and render it harmless to protect government entities and critical infrastructure such as power stations during normal times even when an armed attack is not taking place.

The government plans to submit relevant legislation such as amendment bills to the Self-Defense Forces Law and the Police Duties Execution Law during the extraordinary Diet session to be held this autumn, based on discussions held by the ruling parties and a panel of experts chaired by Kenichiro Sasae, a former Japanese ambassador to the United States.

Active cyber defense refers to the government detecting potential cyber-attacks before they happen in normal times and, if necessary, hacking into the attacker’s server or other systems to disable the threat. The government plans to have the police and SDF handle operations to penetrate and neutralize those servers.

At the moment, SDF activities during situations that do not constitute an armed attack include maritime security operations and going into action to keep order at times when the police and Japan Coast Guard are struggling to deal with a situation.

The Yomiuri Shimbun

There is currently no legal foundation for the SDF to take actions to defend against cyber-attacks on vital infrastructure and other government entities during normal times. Therefore, enabling the SDF to become an operational force for active cyber defense requires adding the duty of dealing with cyber threats to the SDF Law.

In April 2022, the National Police Agency created a special cybercrime investigation squad. This unit, later upgraded to a department, has been bolstering its activities. The force has built up an impressive track record, such as involvement in a joint international investigation that prosecuted a Russian hacker, and it reportedly excels in the investigation and analysis of cyber-attacks committed for criminal purposes. On the other hand, the SDF has strengthened its capabilities to neutralize the servers of an attacker as part of efforts to strike back in the event of a contingency.

Within the government, there has been a proposal for the police and SDF to work seamlessly together on server infiltration and neutralizing operations, and for the National Center for Incident Readiness and Strategy for Cybersecurity (NISC) to be reorganized into a successor body that would serve as a command post and coordinate the entire process.

As of the end of fiscal 2023, about 2,300 specialized personnel at the Defense Ministry were engaged in cyber defense, mainly at the cyber defense command. The government plans to increase this number to about 4,000 by fiscal 2027. The government will craft measures to protect defense-related industries from cyber-attacks and expects to further expand support for this field.