Defense Against Cyberattacks Vital for Nations and Companies, Especially Regarding Critical Infrastructure

By Koji Sobata and Hikaru Mutaguchi / Yomiuri Shimbun Staff Writers

17:38 JST, March 5, 2026

At a forum in Tokyo, participants shared the importance of protecting critical infrastructure — which is essential for maintaining a nation’s functions, such as power and communications — from cyberattacks, drawing lessons from warfare in Ukraine and Iran.

The Japanese government plans to fundamentally strengthen public-private partnerships based on new cyber defense-related legislation that will fully go into effect by 2027.

Former U.S. National Cyber Director Chris Inglis praised Ukraine for enduring Russia’s invasion with strong and resilient infrastructure at the international forum held by the Sasakawa Peace Foundation and The Yomiuri Shimbun on Wednesday.

“Most of us in government jobs at the time that the Ukraine war started thought that Ukraine would fight hard and well, but that they wouldn’t last for more than weeks or months, and yet, here we are, four years later. They’re not simply continuing to fight on the physical battlefield, but they’ve done quite well on the cyber battlefield,” Inglis said.

“A lot of private-sector entities are providing resilient, robust infrastructure and defending that infrastructure as the various assaults take place from the Russians,” he added.

Russia is believed to have infiltrated Ukraine’s power and communications systems before starting the invasion in February 2022 to stage a “hybrid attack” combining military forces with cyber operations.

In recent U.S. military attacks on Iran starting on Feb. 28, one of the initial operations involved cyberattacks to degrade Iran’s communications capabilities.

Shigeru Kitamura, who formerly served as Japan’s National Security Secretariat secretary general, said the United States must have thoroughly gathered information on Iran’s communications and other systems. “It seems that Washington employed tactics of identifying Iran’s key systems through intelligence activities, to be able to threaten them,” Kitamura said.

Japan is not immune to such threats. Mihoko Matsubara, chief cybersecurity strategist at NTT Corp., said hacker group Volt Typhoon, believed to be backed by the Chinese government, has attempted “cyberattacks that appear to be a prelude to a Taiwan contingency.” Volt Typhoon is said to have infiltrated communications systems in Guam, where U.S. forces are based.

Jiro Hiroe, a former lieutenant general in the Ground Self-Defense Force and now head GMO Internet Group, Inc.’s Cyber Defense Business Promotion Office, which is called “6,” said, “If you lose in cyberspace, the fifth battlefield following land, sea, air and space, you cannot win [the war].”

15 critical infrastructure sectors

The Japanese government also recognizes the importance of infrastructure protection. Legislation related to so-called active cyber defense enacted last year promotes strengthening public-private partnerships. The government designated 15 sectors of critical infrastructure, including power and telecommunications, as the main targets to be defended. It will launch a public-private council with related businesses as early as October. The council will share sensitive government information, such as the latest cyberattack means and undisclosed vulnerabilities of information technology products, to step up relevant preparation.

“I still remember the moment when I felt afraid, wondering what would happen next,” said another panelist, Hisahiro Tatsushiro, president of logistics systems company Kantsu Co. in Amagasaki, Hyogo Prefecture, recalling the moment systems went down at his firm in a cyberattack in 2024.

Kantsu’s distribution warehouses were totally paralyzed after being hit by a cyberattack that used ransomware, which is malware sent by attackers who demand money in exchange for restoring data. The company also lost accounting and inventory data, suffering total damages of ¥1.7 billion. Tatsushiro said 1,000 workers had to work for 50 days to manually restore the inventory data on 150 million items.

He stressed that establishing alternative systems capable of swift recovery from damages is paramount.

The public-private council is expected to share detailed information on cyberattack damages reported in the country.

Jun Osawa, senior fellow at Sasakawa Peace Foundation, said, “When power shuts off, communications stop. When communications are disrupted, financial systems break down. We need to take into account the chain reaction of damages of infrastructure.”